Experience Builder


Terraform

< Back

Repository
aztfmod / terraform-azurerm-caf
Description

Terraform supermodule for the Terraform platform engineering for Azure

Stars

 466

Failed Checks
  •  Security Scanning
     Linting

  • Scan Date

    2023-10-30 17:57:40

    Security Scanning

    This repository failed the Experience Builder Terraform Module's Security Scanning validation. This means that a security scanning tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to:

    Checkov Output
                    
                      terraform scan results:
    
    Passed checks: 95, Failed checks: 197, Skipped checks: 0, Parsing errors: 2
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.sql_admin_password
    	File: /modules/analytics/synapse/workspace.tf:90-102
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		90  | resource "azurerm_key_vault_secret" "sql_admin_password" {
    		91  |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		92  | 
    		93  |   name         = format("%s-synapse-sql-admin-password", azurerm_synapse_workspace.ws.name)
    		94  |   value        = random_password.sql_admin.0.result
    		95  |   key_vault_id = var.keyvault_id
    		96  | 
    		97  |   lifecycle {
    		98  |     ignore_changes = [
    		99  |       value
    		100 |     ]
    		101 |   }
    		102 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.sql_admin_password
    	File: /modules/analytics/synapse/workspace.tf:90-102
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		90  | resource "azurerm_key_vault_secret" "sql_admin_password" {
    		91  |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		92  | 
    		93  |   name         = format("%s-synapse-sql-admin-password", azurerm_synapse_workspace.ws.name)
    		94  |   value        = random_password.sql_admin.0.result
    		95  |   key_vault_id = var.keyvault_id
    		96  | 
    		97  |   lifecycle {
    		98  |     ignore_changes = [
    		99  |       value
    		100 |     ]
    		101 |   }
    		102 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.sql_admin
    	File: /modules/analytics/synapse/workspace.tf:104-110
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		104 | resource "azurerm_key_vault_secret" "sql_admin" {
    		105 |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		106 | 
    		107 |   name         = format("%s-synapse-sql-admin-username", azurerm_synapse_workspace.ws.name)
    		108 |   value        = var.settings.sql_administrator_login
    		109 |   key_vault_id = var.keyvault_id
    		110 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.sql_admin
    	File: /modules/analytics/synapse/workspace.tf:104-110
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		104 | resource "azurerm_key_vault_secret" "sql_admin" {
    		105 |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		106 | 
    		107 |   name         = format("%s-synapse-sql-admin-username", azurerm_synapse_workspace.ws.name)
    		108 |   value        = var.settings.sql_administrator_login
    		109 |   key_vault_id = var.keyvault_id
    		110 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.synapse_name
    	File: /modules/analytics/synapse/workspace.tf:112-118
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		112 | resource "azurerm_key_vault_secret" "synapse_name" {
    		113 |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		114 | 
    		115 |   name         = format("%s-synapse-name", azurerm_synapse_workspace.ws.name)
    		116 |   value        = azurerm_synapse_workspace.ws.name
    		117 |   key_vault_id = var.keyvault_id
    		118 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.synapse_name
    	File: /modules/analytics/synapse/workspace.tf:112-118
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		112 | resource "azurerm_key_vault_secret" "synapse_name" {
    		113 |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		114 | 
    		115 |   name         = format("%s-synapse-name", azurerm_synapse_workspace.ws.name)
    		116 |   value        = azurerm_synapse_workspace.ws.name
    		117 |   key_vault_id = var.keyvault_id
    		118 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.synapse_rg_name
    	File: /modules/analytics/synapse/workspace.tf:120-126
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		120 | resource "azurerm_key_vault_secret" "synapse_rg_name" {
    		121 |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		122 | 
    		123 |   name         = format("%s-synapse-resource-group-name", azurerm_synapse_workspace.ws.name)
    		124 |   value        = local.resource_group_name
    		125 |   key_vault_id = var.keyvault_id
    		126 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_key_vault_secret.synapse_rg_name
    	File: /modules/analytics/synapse/workspace.tf:120-126
    	Calling File: /synapses.tf:1-20
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		120 | resource "azurerm_key_vault_secret" "synapse_rg_name" {
    		121 |   count = try(var.settings.sql_administrator_login_password, null) == null ? 1 : 0
    		122 | 
    		123 |   name         = format("%s-synapse-resource-group-name", azurerm_synapse_workspace.ws.name)
    		124 |   value        = local.resource_group_name
    		125 |   key_vault_id = var.keyvault_id
    		126 | }
    
    Check: CKV_AZURE_173: "Ensure API management uses at least TLS 1.2"
    	FAILED for resource: module.example.module.api_management.azurerm_api_management.apim
    	File: /modules/apim/api_management/module.tf:11-217
    	Calling File: /api_management.tf:1-19
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_174: "Ensure API management public access is disabled"
    	FAILED for resource: module.example.module.api_management.azurerm_api_management.apim
    	File: /modules/apim/api_management/module.tf:11-217
    	Calling File: /api_management.tf:1-19
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_215: "Ensure API management backend uses https"
    	FAILED for resource: module.example.module.api_management_backend.azurerm_api_management_backend.apim
    	File: /modules/apim/api_management_backend/module.tf:11-67
    	Calling File: /api_management.tf:107-122
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_applications.azurerm_key_vault_secret.client_id
    	File: /modules/azuread/applications/keyvault_secrets.tf:2-15
    	Calling File: /azuread_applications.tf:8-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		2  | resource "azurerm_key_vault_secret" "client_id" {
    		3  |   for_each = try(var.settings.keyvaults, {})
    		4  | 
    		5  |   name         = format("%s-client-id", each.value.secret_prefix)
    		6  |   value        = azuread_application.app.application_id
    		7  |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		8  | 
    		9  |   lifecycle {
    		10 |     ignore_changes = [
    		11 |       value
    		12 |     ]
    		13 |   }
    		14 | 
    		15 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_applications.azurerm_key_vault_secret.client_id
    	File: /modules/azuread/applications/keyvault_secrets.tf:2-15
    	Calling File: /azuread_applications.tf:8-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		2  | resource "azurerm_key_vault_secret" "client_id" {
    		3  |   for_each = try(var.settings.keyvaults, {})
    		4  | 
    		5  |   name         = format("%s-client-id", each.value.secret_prefix)
    		6  |   value        = azuread_application.app.application_id
    		7  |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		8  | 
    		9  |   lifecycle {
    		10 |     ignore_changes = [
    		11 |       value
    		12 |     ]
    		13 |   }
    		14 | 
    		15 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_applications.azurerm_key_vault_secret.client_secret
    	File: /modules/azuread/applications/keyvault_secrets.tf:17-23
    	Calling File: /azuread_applications.tf:8-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		17 | resource "azurerm_key_vault_secret" "client_secret" {
    		18 |   for_each        = try(var.settings.keyvaults, {})
    		19 |   name            = format("%s-client-secret", each.value.secret_prefix)
    		20 |   value           = azuread_service_principal_password.pwd.value
    		21 |   key_vault_id    = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		22 |   expiration_date = timeadd(time_rotating.pwd.id, format("%sh", local.password_policy.expire_in_days * 24))
    		23 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_applications.azurerm_key_vault_secret.tenant_id
    	File: /modules/azuread/applications/keyvault_secrets.tf:25-30
    	Calling File: /azuread_applications.tf:8-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		25 | resource "azurerm_key_vault_secret" "tenant_id" {
    		26 |   for_each     = try(var.settings.keyvaults, {})
    		27 |   name         = format("%s-tenant-id", each.value.secret_prefix)
    		28 |   value        = var.client_config.tenant_id
    		29 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		30 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_applications.azurerm_key_vault_secret.tenant_id
    	File: /modules/azuread/applications/keyvault_secrets.tf:25-30
    	Calling File: /azuread_applications.tf:8-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		25 | resource "azurerm_key_vault_secret" "tenant_id" {
    		26 |   for_each     = try(var.settings.keyvaults, {})
    		27 |   name         = format("%s-tenant-id", each.value.secret_prefix)
    		28 |   value        = var.client_config.tenant_id
    		29 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		30 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_credentials.azurerm_key_vault_secret.client_id
    	File: /modules/azuread/credentials/keyvault_secrets.tf:2-11
    	Calling File: /azuread_credentials.tf:2-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		2  | resource "azurerm_key_vault_secret" "client_id" {
    		3  |   for_each = try(var.settings.keyvaults, {})
    		4  | 
    		5  |   name         = format("%s-client-id", each.value.secret_prefix)
    		6  |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		7  | 
    		8  |   value = coalesce(
    		9  |     try(var.resources.application.application_id, null)
    		10 |   )
    		11 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_credentials.azurerm_key_vault_secret.client_id
    	File: /modules/azuread/credentials/keyvault_secrets.tf:2-11
    	Calling File: /azuread_credentials.tf:2-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		2  | resource "azurerm_key_vault_secret" "client_id" {
    		3  |   for_each = try(var.settings.keyvaults, {})
    		4  | 
    		5  |   name         = format("%s-client-id", each.value.secret_prefix)
    		6  |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		7  | 
    		8  |   value = coalesce(
    		9  |     try(var.resources.application.application_id, null)
    		10 |   )
    		11 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_credentials.azurerm_key_vault_secret.tenant_id
    	File: /modules/azuread/credentials/keyvault_secrets.tf:13-18
    	Calling File: /azuread_credentials.tf:2-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		13 | resource "azurerm_key_vault_secret" "tenant_id" {
    		14 |   for_each     = try(var.settings.keyvaults, {})
    		15 |   name         = format("%s-tenant-id", each.value.secret_prefix)
    		16 |   value        = try(each.value.tenant_id, var.client_config.tenant_id)
    		17 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		18 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_credentials.azurerm_key_vault_secret.tenant_id
    	File: /modules/azuread/credentials/keyvault_secrets.tf:13-18
    	Calling File: /azuread_credentials.tf:2-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		13 | resource "azurerm_key_vault_secret" "tenant_id" {
    		14 |   for_each     = try(var.settings.keyvaults, {})
    		15 |   name         = format("%s-tenant-id", each.value.secret_prefix)
    		16 |   value        = try(each.value.tenant_id, var.client_config.tenant_id)
    		17 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		18 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_credentials.azurerm_key_vault_secret.client_secret
    	File: /modules/azuread/credentials/password.tf:75-92
    	Calling File: /azuread_credentials.tf:2-19
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		75 | resource "azurerm_key_vault_secret" "client_secret" {
    		76 |   for_each = {
    		77 |     for key, value in try(var.settings.keyvaults, {}) : key => value
    		78 |     if try(var.settings.azuread_application, null) != null && lower(local.password_type) == "password"
    		79 |   }
    		80 | 
    		81 |   # Add a timer to make sure the new password got replicated into azure ad replica set before we store it into keyvault
    		82 |   depends_on = [time_sleep.wait_new_password_propagation]
    		83 | 
    		84 |   name            = format("%s-client-secret", each.value.secret_prefix)
    		85 |   value           = local.random_key == "key0" ? sensitive(azuread_application_password.key0.0.value) : try(sensitive(azuread_application_password.key1.0.value), sensitive(azuread_application_password.key.0.value))
    		86 |   key_vault_id    = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		87 |   expiration_date = local.random_key == "key0" ? local.expiration_date.key0 : try(local.expiration_date.key1, local.expiration_date.key)
    		88 | 
    		89 |   tags = {
    		90 |     key = local.random_key
    		91 |   }
    		92 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_service_principal_passwords.azurerm_key_vault_secret.client_id
    	File: /modules/azuread/service_principal_password/keyvault_secrets.tf:2-8
    	Calling File: /azuread_service_principal_passwords.tf:5-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		2 | resource "azurerm_key_vault_secret" "client_id" {
    		3 |   for_each = try(var.settings.keyvaults, {})
    		4 | 
    		5 |   name         = format("%s-client-id", each.value.secret_prefix)
    		6 |   value        = var.service_principal_application_id
    		7 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		8 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_service_principal_passwords.azurerm_key_vault_secret.client_id
    	File: /modules/azuread/service_principal_password/keyvault_secrets.tf:2-8
    	Calling File: /azuread_service_principal_passwords.tf:5-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		2 | resource "azurerm_key_vault_secret" "client_id" {
    		3 |   for_each = try(var.settings.keyvaults, {})
    		4 | 
    		5 |   name         = format("%s-client-id", each.value.secret_prefix)
    		6 |   value        = var.service_principal_application_id
    		7 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		8 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_service_principal_passwords.azurerm_key_vault_secret.client_secret
    	File: /modules/azuread/service_principal_password/keyvault_secrets.tf:10-16
    	Calling File: /azuread_service_principal_passwords.tf:5-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		10 | resource "azurerm_key_vault_secret" "client_secret" {
    		11 |   for_each        = try(var.settings.keyvaults, {})
    		12 |   name            = format("%s-client-secret", each.value.secret_prefix)
    		13 |   value           = azuread_service_principal_password.pwd.value
    		14 |   key_vault_id    = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		15 |   expiration_date = timeadd(time_rotating.pwd.id, format("%sh", local.password_policy.expire_in_days * 24))
    		16 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_service_principal_passwords.azurerm_key_vault_secret.tenant_id
    	File: /modules/azuread/service_principal_password/keyvault_secrets.tf:18-23
    	Calling File: /azuread_service_principal_passwords.tf:5-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		18 | resource "azurerm_key_vault_secret" "tenant_id" {
    		19 |   for_each     = try(var.settings.keyvaults, {})
    		20 |   name         = format("%s-tenant-id", each.value.secret_prefix)
    		21 |   value        = var.client_config.tenant_id
    		22 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		23 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_service_principal_passwords.azurerm_key_vault_secret.tenant_id
    	File: /modules/azuread/service_principal_password/keyvault_secrets.tf:18-23
    	Calling File: /azuread_service_principal_passwords.tf:5-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		18 | resource "azurerm_key_vault_secret" "tenant_id" {
    		19 |   for_each     = try(var.settings.keyvaults, {})
    		20 |   name         = format("%s-tenant-id", each.value.secret_prefix)
    		21 |   value        = var.client_config.tenant_id
    		22 |   key_vault_id = try(each.value.lz_key, null) == null ? var.keyvaults[var.client_config.landingzone_key][each.key].id : var.keyvaults[each.value.lz_key][each.key].id
    		23 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.azuread_users.azurerm_key_vault_secret.aad_user_name
    	File: /modules/azuread/users/user.tf:59-63
    	Calling File: /azuread_users.tf:5-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		59 | resource "azurerm_key_vault_secret" "aad_user_name" {
    		60 |   name         = format("%s%s-name", local.secret_prefix, local.user_name)
    		61 |   value        = azuread_user.account.user_principal_name
    		62 |   key_vault_id = local.keyvault_id
    		63 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_users.azurerm_key_vault_secret.aad_user_name
    	File: /modules/azuread/users/user.tf:59-63
    	Calling File: /azuread_users.tf:5-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		59 | resource "azurerm_key_vault_secret" "aad_user_name" {
    		60 |   name         = format("%s%s-name", local.secret_prefix, local.user_name)
    		61 |   value        = azuread_user.account.user_principal_name
    		62 |   key_vault_id = local.keyvault_id
    		63 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.azuread_users.azurerm_key_vault_secret.aad_user_password
    	File: /modules/azuread/users/user.tf:65-70
    	Calling File: /azuread_users.tf:5-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		65 | resource "azurerm_key_vault_secret" "aad_user_password" {
    		66 |   name            = format("%s%s-password", local.secret_prefix, local.user_name)
    		67 |   value           = random_password.pwd.result
    		68 |   expiration_date = timeadd(time_rotating.pwd.id, format("%sh", local.password_policy.expire_in_days * 24))
    		69 |   key_vault_id    = local.keyvault_id
    		70 | }
    Check: CKV_AZURE_134: "Ensure that Cognitive Services accounts disable public network access"
    	FAILED for resource: module.example.module.cognitive_services_account.azurerm_cognitive_account.service
    	File: /modules/cognitive_services/cognitive_services_account/cognitive_service_account.tf:11-49
    	Calling File: /cognitive_service.tf:1-10
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-azure-cognitive-services-accounts-disable-public-network-access.html
    
    		11 | resource "azurerm_cognitive_account" "service" {
    		12 |   name                = azurecaf_name.service.result
    		13 |   location            = var.location
    		14 |   resource_group_name = var.resource_group_name
    		15 |   kind                = var.settings.kind
    		16 |   sku_name            = var.settings.sku_name
    		17 | 
    		18 |   qna_runtime_endpoint = var.settings.kind == "QnAMaker" ? var.settings.qna_runtime_endpoint : try(var.settings.qna_runtime_endpoint, null)
    		19 | 
    		20 |   dynamic "network_acls" {
    		21 |     for_each = can(var.settings.network_acls) ? [var.settings.network_acls] : []
    		22 |     content {
    		23 |       default_action = network_acls.value.default_action
    		24 |       ip_rules       = try(network_acls.value.ip_rules, null)
    		25 | 
    		26 |       # to support migration from 2.99.0 to 3.7.0
    		27 |       dynamic "virtual_network_rules" {
    		28 |         for_each = can(network_acls.value.virtual_network_subnet_ids) ? toset(network_acls.value.virtual_network_subnet_ids) : []
    		29 | 
    		30 |         content {
    		31 |           subnet_id = virtual_network_rules.value
    		32 |         }
    		33 |       }
    		34 | 
    		35 |       dynamic "virtual_network_rules" {
    		36 |         for_each = try(network_acls.value.virtual_network_rules, {})
    		37 | 
    		38 |         content {
    		39 |           subnet_id                            = virtual_network_rules.value.subnet_id
    		40 |           ignore_missing_vnet_service_endpoint = try(virtual_network_rules.value.ignore_missing_vnet_service_endpoint, null)
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   custom_subdomain_name = try(var.settings.custom_subdomain_name, null)
    		47 | 
    		48 |   tags = try(var.settings.tags, {})
    		49 | }
    Check: CKV_AZURE_172: "Ensure autorotation of Secrets Store CSI Driver secrets for AKS clusters"
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster.aks
    	File: /modules/compute/aks/aks.tf:40-436
    	Calling File: /compute_aks_clusters.tf:5-37
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_226: "Ensure ephemeral disks are used for OS disks"
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster.aks
    	File: /modules/compute/aks/aks.tf:40-436
    	Calling File: /compute_aks_clusters.tf:5-37
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_227: "Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources"
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster.aks
    	File: /modules/compute/aks/aks.tf:40-436
    	Calling File: /compute_aks_clusters.tf:5-37
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_168: "Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods."
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster.aks
    	File: /modules/compute/aks/aks.tf:40-436
    	Calling File: /compute_aks_clusters.tf:5-37
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_227: "Ensure that the AKS cluster encrypt temp disks, caches, and data flows between Compute and Storage resources"
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster_node_pool.nodepools
    	File: /modules/compute/aks/aks.tf:449-573
    	Calling File: /compute_aks_clusters.tf:5-37
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_168: "Ensure Azure Kubernetes Cluster (AKS) nodes should use a minimum number of 50 pods."
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster_node_pool.nodepools
    	File: /modules/compute/aks/aks.tf:449-573
    	Calling File: /compute_aks_clusters.tf:5-37
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_98: "Ensure that Azure Container group is deployed into virtual network"
    	FAILED for resource: module.example.module.container_groups.azurerm_container_group.acg
    	File: /modules/compute/container_group/container_group.tf:27-201
    	Calling File: /compute_container_groups.tf:1-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-container-container-group-is-deployed-into-virtual-network.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_164: "Ensures that ACR uses signed/trusted images"
    	FAILED for resource: module.example.module.container_registry.azurerm_container_registry.acr
    	File: /modules/compute/container_registry/registry.tf:11-54
    	Calling File: /compute_container_registry.tf:1-28
    
    		11 | resource "azurerm_container_registry" "acr" {
    		12 |   name                = azurecaf_name.acr.result
    		13 |   resource_group_name = local.resource_group_name
    		14 |   location            = local.location
    		15 |   sku                 = var.sku
    		16 |   admin_enabled       = var.admin_enabled
    		17 |   tags                = local.tags
    		18 | 
    		19 |   public_network_access_enabled = var.public_network_access_enabled
    		20 | 
    		21 |   dynamic "network_rule_set" {
    		22 |     for_each = try(var.network_rule_set, {})
    		23 | 
    		24 |     content {
    		25 |       default_action = try(network_rule_set.value.default_action, "Allow")
    		26 | 
    		27 |       dynamic "ip_rule" {
    		28 |         for_each = try(network_rule_set.value.ip_rules, {})
    		29 | 
    		30 |         content {
    		31 |           action   = "Allow"
    		32 |           ip_range = ip_rule.value.ip_range
    		33 |         }
    		34 |       }
    		35 |       dynamic "virtual_network" {
    		36 |         for_each = try(network_rule_set.value.virtual_networks, {})
    		37 | 
    		38 |         content {
    		39 |           action    = "Allow"
    		40 |           subnet_id = can(virtual_network.value.subnet_id) ? virtual_network.value.subnet_id : var.vnets[try(virtual_network.value.lz_key, var.client_config.landingzone_key)][virtual_network.value.vnet_key].subnets[virtual_network.value.subnet_key].id
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   dynamic "georeplications" {
    		47 |     for_each = try(var.georeplications, {})
    		48 | 
    		49 |     content {
    		50 |       location = var.global_settings.regions[georeplications.key]
    		51 |       tags     = try(georeplications.value.tags)
    		52 |     }
    		53 |   }
    		54 | }
    
    Check: CKV_AZURE_166: "Ensure container image quarantine, scan, and mark images verified"
    	FAILED for resource: module.example.module.container_registry.azurerm_container_registry.acr
    	File: /modules/compute/container_registry/registry.tf:11-54
    	Calling File: /compute_container_registry.tf:1-28
    
    		11 | resource "azurerm_container_registry" "acr" {
    		12 |   name                = azurecaf_name.acr.result
    		13 |   resource_group_name = local.resource_group_name
    		14 |   location            = local.location
    		15 |   sku                 = var.sku
    		16 |   admin_enabled       = var.admin_enabled
    		17 |   tags                = local.tags
    		18 | 
    		19 |   public_network_access_enabled = var.public_network_access_enabled
    		20 | 
    		21 |   dynamic "network_rule_set" {
    		22 |     for_each = try(var.network_rule_set, {})
    		23 | 
    		24 |     content {
    		25 |       default_action = try(network_rule_set.value.default_action, "Allow")
    		26 | 
    		27 |       dynamic "ip_rule" {
    		28 |         for_each = try(network_rule_set.value.ip_rules, {})
    		29 | 
    		30 |         content {
    		31 |           action   = "Allow"
    		32 |           ip_range = ip_rule.value.ip_range
    		33 |         }
    		34 |       }
    		35 |       dynamic "virtual_network" {
    		36 |         for_each = try(network_rule_set.value.virtual_networks, {})
    		37 | 
    		38 |         content {
    		39 |           action    = "Allow"
    		40 |           subnet_id = can(virtual_network.value.subnet_id) ? virtual_network.value.subnet_id : var.vnets[try(virtual_network.value.lz_key, var.client_config.landingzone_key)][virtual_network.value.vnet_key].subnets[virtual_network.value.subnet_key].id
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   dynamic "georeplications" {
    		47 |     for_each = try(var.georeplications, {})
    		48 | 
    		49 |     content {
    		50 |       location = var.global_settings.regions[georeplications.key]
    		51 |       tags     = try(georeplications.value.tags)
    		52 |     }
    		53 |   }
    		54 | }
    
    Check: CKV_AZURE_139: "Ensure ACR set to disable public networking"
    	FAILED for resource: module.example.module.container_registry.azurerm_container_registry.acr
    	File: /modules/compute/container_registry/registry.tf:11-54
    	Calling File: /compute_container_registry.tf:1-28
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-azure-acr-is-set-to-disable-public-networking.html
    
    		11 | resource "azurerm_container_registry" "acr" {
    		12 |   name                = azurecaf_name.acr.result
    		13 |   resource_group_name = local.resource_group_name
    		14 |   location            = local.location
    		15 |   sku                 = var.sku
    		16 |   admin_enabled       = var.admin_enabled
    		17 |   tags                = local.tags
    		18 | 
    		19 |   public_network_access_enabled = var.public_network_access_enabled
    		20 | 
    		21 |   dynamic "network_rule_set" {
    		22 |     for_each = try(var.network_rule_set, {})
    		23 | 
    		24 |     content {
    		25 |       default_action = try(network_rule_set.value.default_action, "Allow")
    		26 | 
    		27 |       dynamic "ip_rule" {
    		28 |         for_each = try(network_rule_set.value.ip_rules, {})
    		29 | 
    		30 |         content {
    		31 |           action   = "Allow"
    		32 |           ip_range = ip_rule.value.ip_range
    		33 |         }
    		34 |       }
    		35 |       dynamic "virtual_network" {
    		36 |         for_each = try(network_rule_set.value.virtual_networks, {})
    		37 | 
    		38 |         content {
    		39 |           action    = "Allow"
    		40 |           subnet_id = can(virtual_network.value.subnet_id) ? virtual_network.value.subnet_id : var.vnets[try(virtual_network.value.lz_key, var.client_config.landingzone_key)][virtual_network.value.vnet_key].subnets[virtual_network.value.subnet_key].id
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   dynamic "georeplications" {
    		47 |     for_each = try(var.georeplications, {})
    		48 | 
    		49 |     content {
    		50 |       location = var.global_settings.regions[georeplications.key]
    		51 |       tags     = try(georeplications.value.tags)
    		52 |     }
    		53 |   }
    		54 | }
    
    Check: CKV_AZURE_165: "Ensure geo-replicated container registries to match multi-region container deployments."
    	FAILED for resource: module.example.module.container_registry.azurerm_container_registry.acr
    	File: /modules/compute/container_registry/registry.tf:11-54
    	Calling File: /compute_container_registry.tf:1-28
    
    		11 | resource "azurerm_container_registry" "acr" {
    		12 |   name                = azurecaf_name.acr.result
    		13 |   resource_group_name = local.resource_group_name
    		14 |   location            = local.location
    		15 |   sku                 = var.sku
    		16 |   admin_enabled       = var.admin_enabled
    		17 |   tags                = local.tags
    		18 | 
    		19 |   public_network_access_enabled = var.public_network_access_enabled
    		20 | 
    		21 |   dynamic "network_rule_set" {
    		22 |     for_each = try(var.network_rule_set, {})
    		23 | 
    		24 |     content {
    		25 |       default_action = try(network_rule_set.value.default_action, "Allow")
    		26 | 
    		27 |       dynamic "ip_rule" {
    		28 |         for_each = try(network_rule_set.value.ip_rules, {})
    		29 | 
    		30 |         content {
    		31 |           action   = "Allow"
    		32 |           ip_range = ip_rule.value.ip_range
    		33 |         }
    		34 |       }
    		35 |       dynamic "virtual_network" {
    		36 |         for_each = try(network_rule_set.value.virtual_networks, {})
    		37 | 
    		38 |         content {
    		39 |           action    = "Allow"
    		40 |           subnet_id = can(virtual_network.value.subnet_id) ? virtual_network.value.subnet_id : var.vnets[try(virtual_network.value.lz_key, var.client_config.landingzone_key)][virtual_network.value.vnet_key].subnets[virtual_network.value.subnet_key].id
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   dynamic "georeplications" {
    		47 |     for_each = try(var.georeplications, {})
    		48 | 
    		49 |     content {
    		50 |       location = var.global_settings.regions[georeplications.key]
    		51 |       tags     = try(georeplications.value.tags)
    		52 |     }
    		53 |   }
    		54 | }
    
    Check: CKV_AZURE_163: "Enable vulnerability scanning for container images."
    	FAILED for resource: module.example.module.container_registry.azurerm_container_registry.acr
    	File: /modules/compute/container_registry/registry.tf:11-54
    	Calling File: /compute_container_registry.tf:1-28
    
    		11 | resource "azurerm_container_registry" "acr" {
    		12 |   name                = azurecaf_name.acr.result
    		13 |   resource_group_name = local.resource_group_name
    		14 |   location            = local.location
    		15 |   sku                 = var.sku
    		16 |   admin_enabled       = var.admin_enabled
    		17 |   tags                = local.tags
    		18 | 
    		19 |   public_network_access_enabled = var.public_network_access_enabled
    		20 | 
    		21 |   dynamic "network_rule_set" {
    		22 |     for_each = try(var.network_rule_set, {})
    		23 | 
    		24 |     content {
    		25 |       default_action = try(network_rule_set.value.default_action, "Allow")
    		26 | 
    		27 |       dynamic "ip_rule" {
    		28 |         for_each = try(network_rule_set.value.ip_rules, {})
    		29 | 
    		30 |         content {
    		31 |           action   = "Allow"
    		32 |           ip_range = ip_rule.value.ip_range
    		33 |         }
    		34 |       }
    		35 |       dynamic "virtual_network" {
    		36 |         for_each = try(network_rule_set.value.virtual_networks, {})
    		37 | 
    		38 |         content {
    		39 |           action    = "Allow"
    		40 |           subnet_id = can(virtual_network.value.subnet_id) ? virtual_network.value.subnet_id : var.vnets[try(virtual_network.value.lz_key, var.client_config.landingzone_key)][virtual_network.value.vnet_key].subnets[virtual_network.value.subnet_key].id
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   dynamic "georeplications" {
    		47 |     for_each = try(var.georeplications, {})
    		48 | 
    		49 |     content {
    		50 |       location = var.global_settings.regions[georeplications.key]
    		51 |       tags     = try(georeplications.value.tags)
    		52 |     }
    		53 |   }
    		54 | }
    
    Check: CKV_AZURE_167: "Ensure a retention policy is set to cleanup untagged manifests."
    	FAILED for resource: module.example.module.container_registry.azurerm_container_registry.acr
    	File: /modules/compute/container_registry/registry.tf:11-54
    	Calling File: /compute_container_registry.tf:1-28
    
    		11 | resource "azurerm_container_registry" "acr" {
    		12 |   name                = azurecaf_name.acr.result
    		13 |   resource_group_name = local.resource_group_name
    		14 |   location            = local.location
    		15 |   sku                 = var.sku
    		16 |   admin_enabled       = var.admin_enabled
    		17 |   tags                = local.tags
    		18 | 
    		19 |   public_network_access_enabled = var.public_network_access_enabled
    		20 | 
    		21 |   dynamic "network_rule_set" {
    		22 |     for_each = try(var.network_rule_set, {})
    		23 | 
    		24 |     content {
    		25 |       default_action = try(network_rule_set.value.default_action, "Allow")
    		26 | 
    		27 |       dynamic "ip_rule" {
    		28 |         for_each = try(network_rule_set.value.ip_rules, {})
    		29 | 
    		30 |         content {
    		31 |           action   = "Allow"
    		32 |           ip_range = ip_rule.value.ip_range
    		33 |         }
    		34 |       }
    		35 |       dynamic "virtual_network" {
    		36 |         for_each = try(network_rule_set.value.virtual_networks, {})
    		37 | 
    		38 |         content {
    		39 |           action    = "Allow"
    		40 |           subnet_id = can(virtual_network.value.subnet_id) ? virtual_network.value.subnet_id : var.vnets[try(virtual_network.value.lz_key, var.client_config.landingzone_key)][virtual_network.value.vnet_key].subnets[virtual_network.value.subnet_key].id
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   dynamic "georeplications" {
    		47 |     for_each = try(var.georeplications, {})
    		48 | 
    		49 |     content {
    		50 |       location = var.global_settings.regions[georeplications.key]
    		51 |       tags     = try(georeplications.value.tags)
    		52 |     }
    		53 |   }
    		54 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_key_vault_secret.ssh_private_key
    	File: /modules/compute/virtual_machine/admin_ssh_key.tf:12-24
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		12 | resource "azurerm_key_vault_secret" "ssh_private_key" {
    		13 |   for_each = local.create_sshkeys ? var.settings.virtual_machine_settings : {}
    		14 | 
    		15 |   name         = can(azurecaf_name.legacy_computer_name[each.key].result) ? format("%s-ssh-private-key", azurecaf_name.legacy_computer_name[each.key].result) : format("%s-ssh-private-key", data.azurecaf_name.linux_computer_name[each.key].result)
    		16 |   value        = tls_private_key.ssh[each.key].private_key_pem
    		17 |   key_vault_id = local.keyvault.id
    		18 | 
    		19 |   lifecycle {
    		20 |     ignore_changes = [
    		21 |       name, value, key_vault_id
    		22 |     ]
    		23 |   }
    		24 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_key_vault_secret.ssh_private_key
    	File: /modules/compute/virtual_machine/admin_ssh_key.tf:12-24
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		12 | resource "azurerm_key_vault_secret" "ssh_private_key" {
    		13 |   for_each = local.create_sshkeys ? var.settings.virtual_machine_settings : {}
    		14 | 
    		15 |   name         = can(azurecaf_name.legacy_computer_name[each.key].result) ? format("%s-ssh-private-key", azurecaf_name.legacy_computer_name[each.key].result) : format("%s-ssh-private-key", data.azurecaf_name.linux_computer_name[each.key].result)
    		16 |   value        = tls_private_key.ssh[each.key].private_key_pem
    		17 |   key_vault_id = local.keyvault.id
    		18 | 
    		19 |   lifecycle {
    		20 |     ignore_changes = [
    		21 |       name, value, key_vault_id
    		22 |     ]
    		23 |   }
    		24 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_key_vault_secret.ssh_public_key_openssh
    	File: /modules/compute/virtual_machine/admin_ssh_key.tf:26-38
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		26 | resource "azurerm_key_vault_secret" "ssh_public_key_openssh" {
    		27 |   for_each = local.create_sshkeys ? var.settings.virtual_machine_settings : {}
    		28 | 
    		29 |   name         = can(azurecaf_name.legacy_computer_name[each.key].result) ? format("%s-ssh-public-key-openssh", azurecaf_name.legacy_computer_name[each.key].result) : format("%s-ssh-public-key-openssh", data.azurecaf_name.linux_computer_name[each.key].result)
    		30 |   value        = tls_private_key.ssh[each.key].public_key_openssh
    		31 |   key_vault_id = local.keyvault.id
    		32 | 
    		33 |   lifecycle {
    		34 |     ignore_changes = [
    		35 |       name, value, key_vault_id
    		36 |     ]
    		37 |   }
    		38 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_key_vault_secret.ssh_public_key_openssh
    	File: /modules/compute/virtual_machine/admin_ssh_key.tf:26-38
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		26 | resource "azurerm_key_vault_secret" "ssh_public_key_openssh" {
    		27 |   for_each = local.create_sshkeys ? var.settings.virtual_machine_settings : {}
    		28 | 
    		29 |   name         = can(azurecaf_name.legacy_computer_name[each.key].result) ? format("%s-ssh-public-key-openssh", azurecaf_name.legacy_computer_name[each.key].result) : format("%s-ssh-public-key-openssh", data.azurecaf_name.linux_computer_name[each.key].result)
    		30 |   value        = tls_private_key.ssh[each.key].public_key_openssh
    		31 |   key_vault_id = local.keyvault.id
    		32 | 
    		33 |   lifecycle {
    		34 |     ignore_changes = [
    		35 |       name, value, key_vault_id
    		36 |     ]
    		37 |   }
    		38 | }
    
    Check: CKV_AZURE_50: "Ensure Virtual Machine Extensions are not Installed"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_linux_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_linux.tf:49-203
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/bc-azr-general-14.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_179: "Ensure VM agent is installed"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_linux_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_linux.tf:49-203
    	Calling File: /compute_virtual_machines.tf:3-48
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_50: "Ensure Virtual Machine Extensions are not Installed"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_windows_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_windows.tf:40-189
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/bc-azr-general-14.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_151: "Ensure Windows VM enables encryption"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_windows_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_windows.tf:40-189
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-iam-policies/ensure-azure-windows-vm-enables-encryption.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_179: "Ensure VM agent is installed"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_windows_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_windows.tf:40-189
    	Calling File: /compute_virtual_machines.tf:3-48
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_177: "Ensure Windows VM enables automatic updates"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_windows_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_windows.tf:40-189
    	Calling File: /compute_virtual_machines.tf:3-48
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_key_vault_secret.admin_password
    	File: /modules/compute/virtual_machine/vm_windows.tf:202-214
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		202 | resource "azurerm_key_vault_secret" "admin_password" {
    		203 |   for_each = local.os_type == "windows" && try(var.settings.virtual_machine_settings[local.os_type].admin_password_key, null) == null ? var.settings.virtual_machine_settings : {}
    		204 | 
    		205 |   name         = format("%s-admin-password", data.azurecaf_name.windows_computer_name[each.key].result)
    		206 |   value        = random_password.admin[local.os_type].result
    		207 |   key_vault_id = local.keyvault.id
    		208 | 
    		209 |   lifecycle {
    		210 |     ignore_changes = [
    		211 |       name, value, key_vault_id
    		212 |     ]
    		213 |   }
    		214 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_key_vault_secret.admin_password
    	File: /modules/compute/virtual_machine/vm_windows.tf:202-214
    	Calling File: /compute_virtual_machines.tf:3-48
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		202 | resource "azurerm_key_vault_secret" "admin_password" {
    		203 |   for_each = local.os_type == "windows" && try(var.settings.virtual_machine_settings[local.os_type].admin_password_key, null) == null ? var.settings.virtual_machine_settings : {}
    		204 | 
    		205 |   name         = format("%s-admin-password", data.azurecaf_name.windows_computer_name[each.key].result)
    		206 |   value        = random_password.admin[local.os_type].result
    		207 |   key_vault_id = local.keyvault.id
    		208 | 
    		209 |   lifecycle {
    		210 |     ignore_changes = [
    		211 |       name, value, key_vault_id
    		212 |     ]
    		213 |   }
    		214 | }
    
    Check: CKV_AZURE_97: "Ensure that Virtual machine scale sets have encryption at host enabled"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_linux_virtual_machine_scale_set.vmss
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:64-253
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machine-scale-sets-have-encryption-at-host-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_179: "Ensure VM agent is installed"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_linux_virtual_machine_scale_set.vmss
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:64-253
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_49: "Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_linux_virtual_machine_scale_set.vmss
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:64-253
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/bc-azr-general-13.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_97: "Ensure that Virtual machine scale sets have encryption at host enabled"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_linux_virtual_machine_scale_set.vmss_autoscaled
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:255-450
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machine-scale-sets-have-encryption-at-host-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_179: "Ensure VM agent is installed"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_linux_virtual_machine_scale_set.vmss_autoscaled
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:255-450
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_49: "Ensure Azure linux scale set does not use basic authentication(Use SSH Key Instead)"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_linux_virtual_machine_scale_set.vmss_autoscaled
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:255-450
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/bc-azr-general-13.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_key_vault_secret.ssh_private_key
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:456-468
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		456 | resource "azurerm_key_vault_secret" "ssh_private_key" {
    		457 |   for_each = local.create_sshkeys ? var.settings.vmss_settings : {}
    		458 | 
    		459 |   name         = format("%s-ssh-private-key", azurecaf_name.linux_computer_name_prefix[each.key].result)
    		460 |   value        = tls_private_key.ssh[each.key].private_key_pem
    		461 |   key_vault_id = local.keyvault.id
    		462 | 
    		463 |   lifecycle {
    		464 |     ignore_changes = [
    		465 |       value
    		466 |     ]
    		467 |   }
    		468 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_key_vault_secret.ssh_private_key
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:456-468
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		456 | resource "azurerm_key_vault_secret" "ssh_private_key" {
    		457 |   for_each = local.create_sshkeys ? var.settings.vmss_settings : {}
    		458 | 
    		459 |   name         = format("%s-ssh-private-key", azurecaf_name.linux_computer_name_prefix[each.key].result)
    		460 |   value        = tls_private_key.ssh[each.key].private_key_pem
    		461 |   key_vault_id = local.keyvault.id
    		462 | 
    		463 |   lifecycle {
    		464 |     ignore_changes = [
    		465 |       value
    		466 |     ]
    		467 |   }
    		468 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_key_vault_secret.ssh_public_key_openssh
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:471-483
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		471 | resource "azurerm_key_vault_secret" "ssh_public_key_openssh" {
    		472 |   for_each = local.create_sshkeys ? var.settings.vmss_settings : {}
    		473 | 
    		474 |   name         = format("%s-ssh-public-key-openssh", azurecaf_name.linux_computer_name_prefix[each.key].result)
    		475 |   value        = tls_private_key.ssh[each.key].public_key_openssh
    		476 |   key_vault_id = local.keyvault.id
    		477 | 
    		478 |   lifecycle {
    		479 |     ignore_changes = [
    		480 |       value
    		481 |     ]
    		482 |   }
    		483 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_key_vault_secret.ssh_public_key_openssh
    	File: /modules/compute/virtual_machine_scale_set/vmss_linux.tf:471-483
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		471 | resource "azurerm_key_vault_secret" "ssh_public_key_openssh" {
    		472 |   for_each = local.create_sshkeys ? var.settings.vmss_settings : {}
    		473 | 
    		474 |   name         = format("%s-ssh-public-key-openssh", azurecaf_name.linux_computer_name_prefix[each.key].result)
    		475 |   value        = tls_private_key.ssh[each.key].public_key_openssh
    		476 |   key_vault_id = local.keyvault.id
    		477 | 
    		478 |   lifecycle {
    		479 |     ignore_changes = [
    		480 |       value
    		481 |     ]
    		482 |   }
    		483 | }
    
    Check: CKV_AZURE_97: "Ensure that Virtual machine scale sets have encryption at host enabled"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_windows_virtual_machine_scale_set.vmss
    	File: /modules/compute/virtual_machine_scale_set/vmss_windows.tf:59-288
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machine-scale-sets-have-encryption-at-host-enabled.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_179: "Ensure VM agent is installed"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_windows_virtual_machine_scale_set.vmss
    	File: /modules/compute/virtual_machine_scale_set/vmss_windows.tf:59-288
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_key_vault_secret.admin_password
    	File: /modules/compute/virtual_machine_scale_set/vmss_windows.tf:302-314
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		302 | resource "azurerm_key_vault_secret" "admin_password" {
    		303 |   for_each = local.os_type == "windows" && try(var.settings.vmss_settings[local.os_type].admin_password_key, null) == null ? var.settings.vmss_settings : {}
    		304 | 
    		305 |   name         = format("%s-admin-password", azurecaf_name.windows_computer_name_prefix[each.key].result)
    		306 |   value        = random_password.admin[local.os_type].result
    		307 |   key_vault_id = local.keyvault.id
    		308 | 
    		309 |   lifecycle {
    		310 |     ignore_changes = [
    		311 |       value
    		312 |     ]
    		313 |   }
    		314 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.virtual_machine_scale_sets.azurerm_key_vault_secret.admin_password
    	File: /modules/compute/virtual_machine_scale_set/vmss_windows.tf:302-314
    	Calling File: /compute_virtual_machines_scale_sets.tf:3-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		302 | resource "azurerm_key_vault_secret" "admin_password" {
    		303 |   for_each = local.os_type == "windows" && try(var.settings.vmss_settings[local.os_type].admin_password_key, null) == null ? var.settings.vmss_settings : {}
    		304 | 
    		305 |   name         = format("%s-admin-password", azurecaf_name.windows_computer_name_prefix[each.key].result)
    		306 |   value        = random_password.admin[local.os_type].result
    		307 |   key_vault_id = local.keyvault.id
    		308 | 
    		309 |   lifecycle {
    		310 |     ignore_changes = [
    		311 |       value
    		312 |     ]
    		313 |   }
    		314 | }
    
    Check: CKV_AZURE_186: "Ensure App configuration encryption block is set."
    	FAILED for resource: module.example.module.app_config.azurerm_app_configuration.config
    	File: /modules/databases/app_config/app_config.tf:14-30
    	Calling File: /app_config.tf:1-16
    
    		14 | resource "azurerm_app_configuration" "config" {
    		15 |   name                  = azurecaf_name.app_config.result
    		16 |   resource_group_name   = local.resource_group_name
    		17 |   sku                   = try(var.settings.sku_name, "standard")
    		18 |   local_auth_enabled    = try(var.settings.local_auth_enabled, null)
    		19 |   public_network_access = try(var.settings.public_network_access, null)
    		20 |   location              = local.location
    		21 |   tags                  = merge(local.tags, try(var.settings.tags, {}))
    		22 | 
    		23 |   dynamic "identity" {
    		24 |     for_each = lookup(var.settings, "identity", {}) == {} ? [] : [1]
    		25 | 
    		26 |     content {
    		27 |       type = var.settings.identity.type
    		28 |     }
    		29 |   }
    		30 | }
    
    Check: CKV_AZURE_187: "Ensure App configuration purge protection is enabled"
    	FAILED for resource: module.example.module.app_config.azurerm_app_configuration.config
    	File: /modules/databases/app_config/app_config.tf:14-30
    	Calling File: /app_config.tf:1-16
    
    		14 | resource "azurerm_app_configuration" "config" {
    		15 |   name                  = azurecaf_name.app_config.result
    		16 |   resource_group_name   = local.resource_group_name
    		17 |   sku                   = try(var.settings.sku_name, "standard")
    		18 |   local_auth_enabled    = try(var.settings.local_auth_enabled, null)
    		19 |   public_network_access = try(var.settings.public_network_access, null)
    		20 |   location              = local.location
    		21 |   tags                  = merge(local.tags, try(var.settings.tags, {}))
    		22 | 
    		23 |   dynamic "identity" {
    		24 |     for_each = lookup(var.settings, "identity", {}) == {} ? [] : [1]
    		25 | 
    		26 |     content {
    		27 |       type = var.settings.identity.type
    		28 |     }
    		29 |   }
    		30 | }
    
    Check: CKV_AZURE_100: "Ensure that Cosmos DB accounts have customer-managed keys to encrypt data at rest"
    	FAILED for resource: module.example.module.cosmos_dbs.azurerm_cosmosdb_account.cosmos_account
    	File: /modules/databases/cosmos_dbs/cosmosdb_account.tf:12-73
    	Calling File: /cosmos_db.tf:1-17
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-cosmos-db-accounts-have-customer-managed-keys-to-encrypt-data-at-rest.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_48: "Ensure 'public network access enabled' is set to 'False' for MariaDB servers"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_mariadb_server.mariadb
    	File: /modules/databases/mariadb_server/server.tf:1-22
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/public-policies-1/bc-azr-public-1.html
    
    		1  | resource "azurerm_mariadb_server" "mariadb" {
    		2  |   name                = azurecaf_name.mariadb.result
    		3  |   location            = local.location
    		4  |   resource_group_name = local.resource_group_name
    		5  | 
    		6  |   administrator_login          = var.settings.administrator_login
    		7  |   administrator_login_password = try(var.settings.administrator_login_password, azurerm_key_vault_secret.mariadb_admin_password.0.value)
    		8  | 
    		9  |   sku_name   = var.settings.sku_name
    		10 |   storage_mb = var.settings.storage_mb
    		11 |   version    = var.settings.version
    		12 | 
    		13 |   auto_grow_enabled                = try(var.settings.auto_grow_enabled, true)
    		14 |   backup_retention_days            = try(var.settings.backup_retention_days, null)
    		15 |   geo_redundant_backup_enabled     = try(var.settings.geo_redundant_backup_enabled, null)
    		16 |   public_network_access_enabled    = try(var.settings.public_network_access_enabled, false)
    		17 |   ssl_enforcement_enabled          = try(var.settings.ssl_enforcement_enabled, true)
    		18 |   ssl_minimal_tls_version_enforced = try(var.settings.ssl_minimal_tls_version_enforced, "TLS1_2")
    		19 |   create_mode                      = try(var.settings.create_mode, "Default")
    		20 |   creation_source_server_id        = try(var.settings.creation_source_server_id, null)
    		21 |   tags                             = local.tags
    		22 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_admin_password
    	File: /modules/databases/mariadb_server/server.tf:36-48
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		36 | resource "azurerm_key_vault_secret" "mariadb_admin_password" {
    		37 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		38 | 
    		39 |   name         = format("%s-password", azurecaf_name.mariadb.result)
    		40 |   value        = random_password.mariadb_admin.0.result
    		41 |   key_vault_id = var.keyvault_id
    		42 | 
    		43 |   lifecycle {
    		44 |     ignore_changes = [
    		45 |       value
    		46 |     ]
    		47 |   }
    		48 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_admin_password
    	File: /modules/databases/mariadb_server/server.tf:36-48
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		36 | resource "azurerm_key_vault_secret" "mariadb_admin_password" {
    		37 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		38 | 
    		39 |   name         = format("%s-password", azurecaf_name.mariadb.result)
    		40 |   value        = random_password.mariadb_admin.0.result
    		41 |   key_vault_id = var.keyvault_id
    		42 | 
    		43 |   lifecycle {
    		44 |     ignore_changes = [
    		45 |       value
    		46 |     ]
    		47 |   }
    		48 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_admin
    	File: /modules/databases/mariadb_server/server.tf:50-56
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		50 | resource "azurerm_key_vault_secret" "mariadb_admin" {
    		51 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		52 | 
    		53 |   name         = format("%s-username", azurecaf_name.mariadb.result)
    		54 |   value        = var.settings.administrator_login
    		55 |   key_vault_id = var.keyvault_id
    		56 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_admin
    	File: /modules/databases/mariadb_server/server.tf:50-56
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		50 | resource "azurerm_key_vault_secret" "mariadb_admin" {
    		51 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		52 | 
    		53 |   name         = format("%s-username", azurecaf_name.mariadb.result)
    		54 |   value        = var.settings.administrator_login
    		55 |   key_vault_id = var.keyvault_id
    		56 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_admin_login_name
    	File: /modules/databases/mariadb_server/server.tf:58-64
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		58 | resource "azurerm_key_vault_secret" "mariadb_admin_login_name" {
    		59 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		60 | 
    		61 |   name         = format("%s-login-name", azurecaf_name.mariadb.result)
    		62 |   value        = format("%s@%s", var.settings.administrator_login, azurerm_mariadb_server.mariadb.fqdn)
    		63 |   key_vault_id = var.keyvault_id
    		64 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_admin_login_name
    	File: /modules/databases/mariadb_server/server.tf:58-64
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		58 | resource "azurerm_key_vault_secret" "mariadb_admin_login_name" {
    		59 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		60 | 
    		61 |   name         = format("%s-login-name", azurecaf_name.mariadb.result)
    		62 |   value        = format("%s@%s", var.settings.administrator_login, azurerm_mariadb_server.mariadb.fqdn)
    		63 |   key_vault_id = var.keyvault_id
    		64 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_fqdn
    	File: /modules/databases/mariadb_server/server.tf:66-72
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		66 | resource "azurerm_key_vault_secret" "mariadb_fqdn" {
    		67 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		68 | 
    		69 |   name         = format("%s-fqdn", azurecaf_name.mariadb.result)
    		70 |   value        = azurerm_mariadb_server.mariadb.fqdn
    		71 |   key_vault_id = var.keyvault_id
    		72 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mariadb_servers.azurerm_key_vault_secret.mariadb_fqdn
    	File: /modules/databases/mariadb_server/server.tf:66-72
    	Calling File: /mariadb_servers.tf:7-31
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		66 | resource "azurerm_key_vault_secret" "mariadb_fqdn" {
    		67 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		68 | 
    		69 |   name         = format("%s-fqdn", azurecaf_name.mariadb.result)
    		70 |   value        = azurerm_mariadb_server.mariadb.fqdn
    		71 |   key_vault_id = var.keyvault_id
    		72 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mssql_managed_instances_secondary_v1.azurerm_key_vault_secret.sqlmi_admin_password
    	File: /modules/databases/mssql_managed_instance_v1/managed_instance.tf:94-106
    	Calling File: /msssql_managed_instances_v1.tf:44-65
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		94  | resource "azurerm_key_vault_secret" "sqlmi_admin_password" {
    		95  |   count        = can(var.settings.administrator_login_password) ? 0 : 1
    		96  |   name         = format("%s-password", azurerm_mssql_managed_instance.mssqlmi.name)
    		97  |   value        = random_password.sqlmi_admin.0.result
    		98  |   key_vault_id = var.keyvault.id
    		99  |   tags         = local.tags
    		100 | 
    		101 |   lifecycle {
    		102 |     replace_triggered_by = [
    		103 |       random_password.sqlmi_admin.0.id
    		104 |     ]
    		105 |   }
    		106 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mssql_managed_instances_secondary_v1.azurerm_key_vault_secret.sqlmi_admin_password
    	File: /modules/databases/mssql_managed_instance_v1/managed_instance.tf:94-106
    	Calling File: /msssql_managed_instances_v1.tf:44-65
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		94  | resource "azurerm_key_vault_secret" "sqlmi_admin_password" {
    		95  |   count        = can(var.settings.administrator_login_password) ? 0 : 1
    		96  |   name         = format("%s-password", azurerm_mssql_managed_instance.mssqlmi.name)
    		97  |   value        = random_password.sqlmi_admin.0.result
    		98  |   key_vault_id = var.keyvault.id
    		99  |   tags         = local.tags
    		100 | 
    		101 |   lifecycle {
    		102 |     replace_triggered_by = [
    		103 |       random_password.sqlmi_admin.0.id
    		104 |     ]
    		105 |   }
    		106 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mssql_managed_instances_v1.azurerm_key_vault_secret.sqlmi_admin_password
    	File: /modules/databases/mssql_managed_instance_v1/managed_instance.tf:94-106
    	Calling File: /msssql_managed_instances_v1.tf:21-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		94  | resource "azurerm_key_vault_secret" "sqlmi_admin_password" {
    		95  |   count        = can(var.settings.administrator_login_password) ? 0 : 1
    		96  |   name         = format("%s-password", azurerm_mssql_managed_instance.mssqlmi.name)
    		97  |   value        = random_password.sqlmi_admin.0.result
    		98  |   key_vault_id = var.keyvault.id
    		99  |   tags         = local.tags
    		100 | 
    		101 |   lifecycle {
    		102 |     replace_triggered_by = [
    		103 |       random_password.sqlmi_admin.0.id
    		104 |     ]
    		105 |   }
    		106 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mssql_managed_instances_v1.azurerm_key_vault_secret.sqlmi_admin_password
    	File: /modules/databases/mssql_managed_instance_v1/managed_instance.tf:94-106
    	Calling File: /msssql_managed_instances_v1.tf:21-42
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		94  | resource "azurerm_key_vault_secret" "sqlmi_admin_password" {
    		95  |   count        = can(var.settings.administrator_login_password) ? 0 : 1
    		96  |   name         = format("%s-password", azurerm_mssql_managed_instance.mssqlmi.name)
    		97  |   value        = random_password.sqlmi_admin.0.result
    		98  |   key_vault_id = var.keyvault.id
    		99  |   tags         = local.tags
    		100 | 
    		101 |   lifecycle {
    		102 |     replace_triggered_by = [
    		103 |       random_password.sqlmi_admin.0.id
    		104 |     ]
    		105 |   }
    		106 | }
    
    Check: CKV_AZURE_25: "Ensure that 'Threat Detection types' is set to 'All'"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_mssql_server_security_alert_policy.mssql[0]
    	File: /modules/databases/mssql_server/security_alert.tf:15-27
    	Calling File: /mssql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/bc-azr-general-6.html
    
    		15 | resource "azurerm_mssql_server_security_alert_policy" "mssql" {
    		16 |   count = try(var.settings.security_alert_policy, null) == null ? 0 : 1
    		17 | 
    		18 |   resource_group_name        = local.resource_group_name
    		19 |   server_name                = azurerm_mssql_server.mssql.name
    		20 |   state                      = try(var.settings.state, "Enabled")
    		21 |   storage_endpoint           = data.azurerm_storage_account.mssql_security_alert.0.primary_blob_endpoint
    		22 |   storage_account_access_key = data.azurerm_storage_account.mssql_security_alert.0.primary_access_key
    		23 |   disabled_alerts            = try(var.settings.disabled_alerts, null)
    		24 |   email_account_admins       = try(var.settings.email_subscription_admins, false)
    		25 |   email_addresses            = try(var.settings.email_addresses, null)
    		26 |   retention_days             = try(var.settings.retention_days, 0)
    		27 | }
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_key_vault_secret.sql_admin_password
    	File: /modules/databases/mssql_server/server.tf:73-85
    	Calling File: /mssql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		73 | resource "azurerm_key_vault_secret" "sql_admin_password" {
    		74 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		75 | 
    		76 |   name         = can(var.settings.keyvault_secret_name) ? var.settings.keyvault_secret_name : format("%s-password", azurecaf_name.mssql.result)
    		77 |   value        = random_password.sql_admin.0.result
    		78 |   key_vault_id = var.keyvault_id
    		79 | 
    		80 |   lifecycle {
    		81 |     ignore_changes = [
    		82 |       value
    		83 |     ]
    		84 |   }
    		85 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_key_vault_secret.sql_admin_password
    	File: /modules/databases/mssql_server/server.tf:73-85
    	Calling File: /mssql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		73 | resource "azurerm_key_vault_secret" "sql_admin_password" {
    		74 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		75 | 
    		76 |   name         = can(var.settings.keyvault_secret_name) ? var.settings.keyvault_secret_name : format("%s-password", azurecaf_name.mssql.result)
    		77 |   value        = random_password.sql_admin.0.result
    		78 |   key_vault_id = var.keyvault_id
    		79 | 
    		80 |   lifecycle {
    		81 |     ignore_changes = [
    		82 |       value
    		83 |     ]
    		84 |   }
    		85 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_database_name
    	File: /modules/databases/mysql_flexible_server/database.tf:30-36
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		30 | resource "azurerm_key_vault_secret" "mysql_database_name" {
    		31 |   for_each = { for key, value in var.settings.mysql_databases : key => value if can(var.settings.keyvault) }
    		32 | 
    		33 |   name         = format("%s-ON-%s", azurerm_mysql_flexible_server.mysql.name, each.value.name)
    		34 |   value        = each.value.name
    		35 |   key_vault_id = var.remote_objects.keyvault_id
    		36 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_database_name
    	File: /modules/databases/mysql_flexible_server/database.tf:30-36
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		30 | resource "azurerm_key_vault_secret" "mysql_database_name" {
    		31 |   for_each = { for key, value in var.settings.mysql_databases : key => value if can(var.settings.keyvault) }
    		32 | 
    		33 |   name         = format("%s-ON-%s", azurerm_mysql_flexible_server.mysql.name, each.value.name)
    		34 |   value        = each.value.name
    		35 |   key_vault_id = var.remote_objects.keyvault_id
    		36 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_administrator_username
    	File: /modules/databases/mysql_flexible_server/server.tf:72-84
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		72 | resource "azurerm_key_vault_secret" "mysql_administrator_username" {
    		73 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		74 | 
    		75 |   name         = format("%s-mysql-administrator-username", azurecaf_name.mysql_flexible_server.result)
    		76 |   value        = try(var.settings.administrator_username, "psqladmin")
    		77 |   key_vault_id = var.remote_objects.keyvault_id
    		78 | 
    		79 |   lifecycle {
    		80 |     ignore_changes = [
    		81 |       value
    		82 |     ]
    		83 |   }
    		84 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_administrator_username
    	File: /modules/databases/mysql_flexible_server/server.tf:72-84
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		72 | resource "azurerm_key_vault_secret" "mysql_administrator_username" {
    		73 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		74 | 
    		75 |   name         = format("%s-mysql-administrator-username", azurecaf_name.mysql_flexible_server.result)
    		76 |   value        = try(var.settings.administrator_username, "psqladmin")
    		77 |   key_vault_id = var.remote_objects.keyvault_id
    		78 | 
    		79 |   lifecycle {
    		80 |     ignore_changes = [
    		81 |       value
    		82 |     ]
    		83 |   }
    		84 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_administrator_password
    	File: /modules/databases/mysql_flexible_server/server.tf:98-110
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		98  | resource "azurerm_key_vault_secret" "mysql_administrator_password" {
    		99  |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		100 | 
    		101 |   name         = format("%s-mysql-administrator-password", azurecaf_name.mysql_flexible_server.result)
    		102 |   value        = try(var.settings.administrator_password, random_password.mysql_administrator_password.0.result)
    		103 |   key_vault_id = var.remote_objects.keyvault_id
    		104 | 
    		105 |   lifecycle {
    		106 |     ignore_changes = [
    		107 |       value
    		108 |     ]
    		109 |   }
    		110 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_administrator_password
    	File: /modules/databases/mysql_flexible_server/server.tf:98-110
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		98  | resource "azurerm_key_vault_secret" "mysql_administrator_password" {
    		99  |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		100 | 
    		101 |   name         = format("%s-mysql-administrator-password", azurecaf_name.mysql_flexible_server.result)
    		102 |   value        = try(var.settings.administrator_password, random_password.mysql_administrator_password.0.result)
    		103 |   key_vault_id = var.remote_objects.keyvault_id
    		104 | 
    		105 |   lifecycle {
    		106 |     ignore_changes = [
    		107 |       value
    		108 |     ]
    		109 |   }
    		110 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_fqdn
    	File: /modules/databases/mysql_flexible_server/server.tf:113-119
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		113 | resource "azurerm_key_vault_secret" "mysql_fqdn" {
    		114 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		115 | 
    		116 |   name         = format("%s-mysql-fqdn", azurecaf_name.mysql_flexible_server.result)
    		117 |   value        = azurerm_mysql_flexible_server.mysql.fqdn
    		118 |   key_vault_id = var.remote_objects.keyvault_id
    		119 | }
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_flexible_server.azurerm_key_vault_secret.mysql_fqdn
    	File: /modules/databases/mysql_flexible_server/server.tf:113-119
    	Calling File: /mysql_flexible_servers.tf:6-26
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		113 | resource "azurerm_key_vault_secret" "mysql_fqdn" {
    		114 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		115 | 
    		116 |   name         = format("%s-mysql-fqdn", azurecaf_name.mysql_flexible_server.result)
    		117 |   value        = azurerm_mysql_flexible_server.mysql.fqdn
    		118 |   key_vault_id = var.remote_objects.keyvault_id
    		119 | }
    Check: CKV_AZURE_127: "Ensure that My SQL server enables Threat detection policy"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_mysql_server.mysql
    	File: /modules/databases/mysql_server/server.tf:1-33
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-my-sql-server-enables-threat-detection-policy.html
    
    		1  | resource "azurerm_mysql_server" "mysql" {
    		2  | 
    		3  |   name                = azurecaf_name.mysql.result
    		4  |   resource_group_name = local.resource_group_name
    		5  |   location            = local.location
    		6  |   version             = var.settings.version
    		7  |   sku_name            = var.settings.sku_name
    		8  | 
    		9  |   administrator_login          = var.settings.administrator_login
    		10 |   administrator_login_password = try(var.settings.administrator_login_password, azurerm_key_vault_secret.mysql_admin_password.0.value)
    		11 | 
    		12 |   auto_grow_enabled                 = try(var.settings.auto_grow_enabled, true)
    		13 |   storage_mb                        = var.settings.storage_mb
    		14 |   backup_retention_days             = try(var.settings.backup_retention_days, null)
    		15 |   create_mode                       = try(var.settings.create_mode, "Default")
    		16 |   creation_source_server_id         = try(var.settings.creation_source_server_id, null)
    		17 |   geo_redundant_backup_enabled      = try(var.settings.geo_redundant_backup_enabled, null)
    		18 |   infrastructure_encryption_enabled = try(var.settings.infrastructure_encryption_enabled, false)
    		19 |   restore_point_in_time             = try(var.settings.restore_point_in_time, null)
    		20 |   public_network_access_enabled     = try(var.settings.public_network_access_enabled, true)
    		21 |   ssl_enforcement_enabled           = try(var.settings.ssl_enforcement_enabled, true)
    		22 |   ssl_minimal_tls_version_enforced  = try(var.settings.ssl_minimal_tls_version_enforced, "TLSEnforcementDisabled")
    		23 |   tags                              = local.tags
    		24 | 
    		25 |   dynamic "identity" {
    		26 |     for_each = lookup(var.settings, "identity", {}) == {} ? [] : [1]
    		27 | 
    		28 |     content {
    		29 |       type = var.settings.identity.type
    		30 |     }
    		31 |   }
    		32 | 
    		33 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.mysql_admin_password
    	File: /modules/databases/mysql_server/server.tf:55-67
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		55 | resource "azurerm_key_vault_secret" "mysql_admin_password" {
    		56 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		57 | 
    		58 |   name         = format("%s-password", azurecaf_name.mysql.result)
    		59 |   value        = random_password.mysql_admin.0.result
    		60 |   key_vault_id = var.keyvault_id
    		61 | 
    		62 |   lifecycle {
    		63 |     ignore_changes = [
    		64 |       value
    		65 |     ]
    		66 |   }
    		67 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.mysql_admin_password
    	File: /modules/databases/mysql_server/server.tf:55-67
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		55 | resource "azurerm_key_vault_secret" "mysql_admin_password" {
    		56 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		57 | 
    		58 |   name         = format("%s-password", azurecaf_name.mysql.result)
    		59 |   value        = random_password.mysql_admin.0.result
    		60 |   key_vault_id = var.keyvault_id
    		61 | 
    		62 |   lifecycle {
    		63 |     ignore_changes = [
    		64 |       value
    		65 |     ]
    		66 |   }
    		67 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.sql_admin
    	File: /modules/databases/mysql_server/server.tf:69-75
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		69 | resource "azurerm_key_vault_secret" "sql_admin" {
    		70 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		71 | 
    		72 |   name         = format("%s-username", azurecaf_name.mysql.result)
    		73 |   value        = var.settings.administrator_login
    		74 |   key_vault_id = var.keyvault_id
    		75 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.sql_admin
    	File: /modules/databases/mysql_server/server.tf:69-75
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		69 | resource "azurerm_key_vault_secret" "sql_admin" {
    		70 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		71 | 
    		72 |   name         = format("%s-username", azurecaf_name.mysql.result)
    		73 |   value        = var.settings.administrator_login
    		74 |   key_vault_id = var.keyvault_id
    		75 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.mysql_admin_login_name
    	File: /modules/databases/mysql_server/server.tf:77-83
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		77 | resource "azurerm_key_vault_secret" "mysql_admin_login_name" {
    		78 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		79 | 
    		80 |   name         = format("%s-login-name", azurecaf_name.mysql.result)
    		81 |   value        = format("%s@%s", var.settings.administrator_login, azurerm_mysql_server.mysql.fqdn)
    		82 |   key_vault_id = var.keyvault_id
    		83 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.mysql_admin_login_name
    	File: /modules/databases/mysql_server/server.tf:77-83
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		77 | resource "azurerm_key_vault_secret" "mysql_admin_login_name" {
    		78 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		79 | 
    		80 |   name         = format("%s-login-name", azurecaf_name.mysql.result)
    		81 |   value        = format("%s@%s", var.settings.administrator_login, azurerm_mysql_server.mysql.fqdn)
    		82 |   key_vault_id = var.keyvault_id
    		83 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.mysql_fqdn
    	File: /modules/databases/mysql_server/server.tf:85-91
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		85 | resource "azurerm_key_vault_secret" "mysql_fqdn" {
    		86 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		87 | 
    		88 |   name         = format("%s-fqdn", azurecaf_name.mysql.result)
    		89 |   value        = azurerm_mysql_server.mysql.fqdn
    		90 |   key_vault_id = var.keyvault_id
    		91 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_key_vault_secret.mysql_fqdn
    	File: /modules/databases/mysql_server/server.tf:85-91
    	Calling File: /mysql_servers.tf:7-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		85 | resource "azurerm_key_vault_secret" "mysql_fqdn" {
    		86 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		87 | 
    		88 |   name         = format("%s-fqdn", azurecaf_name.mysql.result)
    		89 |   value        = azurerm_mysql_server.mysql.fqdn
    		90 |   key_vault_id = var.keyvault_id
    		91 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_database_name
    	File: /modules/databases/postgresql_flexible_server/database.tf:24-30
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		24 | resource "azurerm_key_vault_secret" "postgresql_database_name" {
    		25 |   for_each = { for key, value in var.settings.postgresql_databases : key => value if can(var.settings.keyvault) }
    		26 | 
    		27 |   name         = format("%s-ON-%s", each.value.name, azurecaf_name.postgresql_flexible_server.result)
    		28 |   value        = each.value.name
    		29 |   key_vault_id = var.remote_objects.keyvault_id
    		30 | }
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_database_name
    	File: /modules/databases/postgresql_flexible_server/database.tf:24-30
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		24 | resource "azurerm_key_vault_secret" "postgresql_database_name" {
    		25 |   for_each = { for key, value in var.settings.postgresql_databases : key => value if can(var.settings.keyvault) }
    		26 | 
    		27 |   name         = format("%s-ON-%s", each.value.name, azurecaf_name.postgresql_flexible_server.result)
    		28 |   value        = each.value.name
    		29 |   key_vault_id = var.remote_objects.keyvault_id
    		30 | }
    Check: CKV_AZURE_136: "Ensure that PostgreSQL Flexible server enables geo-redundant backups"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_postgresql_flexible_server.postgresql
    	File: /modules/databases/postgresql_flexible_server/server.tf:11-68
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-azure-postgresql-flexible-server-enables-geo-redundant-backups.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_administrator_username
    	File: /modules/databases/postgresql_flexible_server/server.tf:71-83
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		71 | resource "azurerm_key_vault_secret" "postgresql_administrator_username" {
    		72 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		73 | 
    		74 |   name         = format("%s-username", azurecaf_name.postgresql_flexible_server.result)
    		75 |   value        = try(var.settings.administrator_username, "pgadmin")
    		76 |   key_vault_id = var.remote_objects.keyvault_id
    		77 | 
    		78 |   lifecycle {
    		79 |     ignore_changes = [
    		80 |       value
    		81 |     ]
    		82 |   }
    		83 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_administrator_username
    	File: /modules/databases/postgresql_flexible_server/server.tf:71-83
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		71 | resource "azurerm_key_vault_secret" "postgresql_administrator_username" {
    		72 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		73 | 
    		74 |   name         = format("%s-username", azurecaf_name.postgresql_flexible_server.result)
    		75 |   value        = try(var.settings.administrator_username, "pgadmin")
    		76 |   key_vault_id = var.remote_objects.keyvault_id
    		77 | 
    		78 |   lifecycle {
    		79 |     ignore_changes = [
    		80 |       value
    		81 |     ]
    		82 |   }
    		83 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_administrator_password
    	File: /modules/databases/postgresql_flexible_server/server.tf:97-109
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		97  | resource "azurerm_key_vault_secret" "postgresql_administrator_password" {
    		98  |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		99  | 
    		100 |   name         = format("%s-password", azurecaf_name.postgresql_flexible_server.result)
    		101 |   value        = try(var.settings.administrator_password, random_password.postgresql_administrator_password.0.result)
    		102 |   key_vault_id = var.remote_objects.keyvault_id
    		103 | 
    		104 |   lifecycle {
    		105 |     ignore_changes = [
    		106 |       value
    		107 |     ]
    		108 |   }
    		109 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_administrator_password
    	File: /modules/databases/postgresql_flexible_server/server.tf:97-109
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		97  | resource "azurerm_key_vault_secret" "postgresql_administrator_password" {
    		98  |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		99  | 
    		100 |   name         = format("%s-password", azurecaf_name.postgresql_flexible_server.result)
    		101 |   value        = try(var.settings.administrator_password, random_password.postgresql_administrator_password.0.result)
    		102 |   key_vault_id = var.remote_objects.keyvault_id
    		103 | 
    		104 |   lifecycle {
    		105 |     ignore_changes = [
    		106 |       value
    		107 |     ]
    		108 |   }
    		109 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_fqdn
    	File: /modules/databases/postgresql_flexible_server/server.tf:112-118
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		112 | resource "azurerm_key_vault_secret" "postgresql_fqdn" {
    		113 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		114 | 
    		115 |   name         = format("%s-fqdn", azurecaf_name.postgresql_flexible_server.result)
    		116 |   value        = azurerm_postgresql_flexible_server.postgresql.fqdn
    		117 |   key_vault_id = var.remote_objects.keyvault_id
    		118 | }
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_flexible_servers.azurerm_key_vault_secret.postgresql_fqdn
    	File: /modules/databases/postgresql_flexible_server/server.tf:112-118
    	Calling File: /postgresql_flexible_servers.tf:5-22
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		112 | resource "azurerm_key_vault_secret" "postgresql_fqdn" {
    		113 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		114 | 
    		115 |   name         = format("%s-fqdn", azurecaf_name.postgresql_flexible_server.result)
    		116 |   value        = azurerm_postgresql_flexible_server.postgresql.fqdn
    		117 |   key_vault_id = var.remote_objects.keyvault_id
    		118 | }
    Check: CKV_AZURE_128: "Ensure that PostgreSQL server enables Threat detection policy"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_postgresql_server.postgresql
    	File: /modules/databases/postgresql_server/server.tf:1-34
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-postgresql-server-enables-threat-detection-policy.html
    
    		1  | resource "azurerm_postgresql_server" "postgresql" {
    		2  | 
    		3  |   name                = azurecaf_name.postgresql.result
    		4  |   resource_group_name = local.resource_group_name
    		5  |   location            = local.location
    		6  |   version             = var.settings.version
    		7  |   sku_name            = var.settings.sku_name
    		8  | 
    		9  |   administrator_login          = var.settings.administrator_login
    		10 |   administrator_login_password = try(var.settings.administrator_login_password, azurerm_key_vault_secret.postgresql_admin_password.0.value)
    		11 | 
    		12 |   auto_grow_enabled                 = try(var.settings.auto_grow_enabled, false)
    		13 |   storage_mb                        = try(var.settings.storage_mb, null)
    		14 |   backup_retention_days             = try(var.settings.backup_retention_days, null)
    		15 |   create_mode                       = try(var.settings.create_mode, "Default")
    		16 |   creation_source_server_id         = try(var.settings.creation_source_server_id, null)
    		17 |   geo_redundant_backup_enabled      = try(var.settings.geo_redundant_backup_enabled, null)
    		18 |   infrastructure_encryption_enabled = try(var.settings.infrastructure_encryption_enableduto_grow_enabled, false)
    		19 |   restore_point_in_time             = try(var.settings.restore_point_in_time, null)
    		20 |   public_network_access_enabled     = try(var.settings.public_network_access_enabled, true)
    		21 |   ssl_enforcement_enabled           = try(var.settings.ssl_enforcement_enabled, true)
    		22 |   ssl_minimal_tls_version_enforced  = try(var.settings.ssl_minimal_tls_version_enforced, "TLSEnforcementDisabled")
    		23 |   tags                              = local.tags
    		24 | 
    		25 | 
    		26 |   dynamic "identity" {
    		27 |     for_each = lookup(var.settings, "identity", {}) == {} ? [] : [1]
    		28 | 
    		29 |     content {
    		30 |       type = var.settings.identity.type
    		31 |     }
    		32 |   }
    		33 | 
    		34 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.postgresql_admin_password
    	File: /modules/databases/postgresql_server/server.tf:57-69
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		57 | resource "azurerm_key_vault_secret" "postgresql_admin_password" {
    		58 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		59 | 
    		60 |   name         = format("%s-password", azurecaf_name.postgresql.result)
    		61 |   value        = random_password.postgresql_admin.0.result
    		62 |   key_vault_id = var.keyvault_id
    		63 | 
    		64 |   lifecycle {
    		65 |     ignore_changes = [
    		66 |       value
    		67 |     ]
    		68 |   }
    		69 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.postgresql_admin_password
    	File: /modules/databases/postgresql_server/server.tf:57-69
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		57 | resource "azurerm_key_vault_secret" "postgresql_admin_password" {
    		58 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		59 | 
    		60 |   name         = format("%s-password", azurecaf_name.postgresql.result)
    		61 |   value        = random_password.postgresql_admin.0.result
    		62 |   key_vault_id = var.keyvault_id
    		63 | 
    		64 |   lifecycle {
    		65 |     ignore_changes = [
    		66 |       value
    		67 |     ]
    		68 |   }
    		69 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.sql_admin
    	File: /modules/databases/postgresql_server/server.tf:71-77
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		71 | resource "azurerm_key_vault_secret" "sql_admin" {
    		72 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		73 | 
    		74 |   name         = format("%s-username", azurecaf_name.postgresql.result)
    		75 |   value        = var.settings.administrator_login
    		76 |   key_vault_id = var.keyvault_id
    		77 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.sql_admin
    	File: /modules/databases/postgresql_server/server.tf:71-77
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		71 | resource "azurerm_key_vault_secret" "sql_admin" {
    		72 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		73 | 
    		74 |   name         = format("%s-username", azurecaf_name.postgresql.result)
    		75 |   value        = var.settings.administrator_login
    		76 |   key_vault_id = var.keyvault_id
    		77 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.postgresql_admin_login_name
    	File: /modules/databases/postgresql_server/server.tf:79-85
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		79 | resource "azurerm_key_vault_secret" "postgresql_admin_login_name" {
    		80 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		81 | 
    		82 |   name         = format("%s-login-name", azurecaf_name.postgresql.result)
    		83 |   value        = format("%s@%s", var.settings.administrator_login, azurerm_postgresql_server.postgresql.fqdn)
    		84 |   key_vault_id = var.keyvault_id
    		85 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.postgresql_admin_login_name
    	File: /modules/databases/postgresql_server/server.tf:79-85
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		79 | resource "azurerm_key_vault_secret" "postgresql_admin_login_name" {
    		80 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		81 | 
    		82 |   name         = format("%s-login-name", azurecaf_name.postgresql.result)
    		83 |   value        = format("%s@%s", var.settings.administrator_login, azurerm_postgresql_server.postgresql.fqdn)
    		84 |   key_vault_id = var.keyvault_id
    		85 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.postgresql_fqdn
    	File: /modules/databases/postgresql_server/server.tf:87-93
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		87 | resource "azurerm_key_vault_secret" "postgresql_fqdn" {
    		88 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		89 | 
    		90 |   name         = format("%s-fqdn", azurecaf_name.postgresql.result)
    		91 |   value        = azurerm_postgresql_server.postgresql.fqdn
    		92 |   key_vault_id = var.keyvault_id
    		93 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.postgresql_servers.azurerm_key_vault_secret.postgresql_fqdn
    	File: /modules/databases/postgresql_server/server.tf:87-93
    	Calling File: /postgresql_servers.tf:7-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		87 | resource "azurerm_key_vault_secret" "postgresql_fqdn" {
    		88 |   count = try(var.settings.administrator_login_password, null) == null ? 1 : 0
    		89 | 
    		90 |   name         = format("%s-fqdn", azurecaf_name.postgresql.result)
    		91 |   value        = azurerm_postgresql_server.postgresql.fqdn
    		92 |   key_vault_id = var.keyvault_id
    		93 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.maps_accounts.azurerm_key_vault_secret.primary_access_key
    	File: /modules/maps/maps_account/maps_account.tf:21-27
    	Calling File: /maps_account.tf:1-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		21 | resource "azurerm_key_vault_secret" "primary_access_key" {
    		22 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		23 | 
    		24 |   name         = format("%s-primary-key", data.azurecaf_name.map.result)
    		25 |   value        = azurerm_maps_account.map.primary_access_key
    		26 |   key_vault_id = var.remote_objects.keyvaults[try(var.settings.keyvault.lz_key, var.client_config.landingzone_key)][var.settings.keyvault.key].id
    		27 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.maps_accounts.azurerm_key_vault_secret.primary_access_key
    	File: /modules/maps/maps_account/maps_account.tf:21-27
    	Calling File: /maps_account.tf:1-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		21 | resource "azurerm_key_vault_secret" "primary_access_key" {
    		22 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		23 | 
    		24 |   name         = format("%s-primary-key", data.azurecaf_name.map.result)
    		25 |   value        = azurerm_maps_account.map.primary_access_key
    		26 |   key_vault_id = var.remote_objects.keyvaults[try(var.settings.keyvault.lz_key, var.client_config.landingzone_key)][var.settings.keyvault.key].id
    		27 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.maps_accounts.azurerm_key_vault_secret.secondary_access_key
    	File: /modules/maps/maps_account/maps_account.tf:30-36
    	Calling File: /maps_account.tf:1-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		30 | resource "azurerm_key_vault_secret" "secondary_access_key" {
    		31 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		32 | 
    		33 |   name         = format("%s-secondary-key", data.azurecaf_name.map.result)
    		34 |   value        = azurerm_maps_account.map.secondary_access_key
    		35 |   key_vault_id = var.remote_objects.keyvaults[try(var.settings.keyvault.lz_key, var.client_config.landingzone_key)][var.settings.keyvault.key].id
    		36 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.maps_accounts.azurerm_key_vault_secret.secondary_access_key
    	File: /modules/maps/maps_account/maps_account.tf:30-36
    	Calling File: /maps_account.tf:1-14
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		30 | resource "azurerm_key_vault_secret" "secondary_access_key" {
    		31 |   count = lookup(var.settings, "keyvault", null) == null ? 0 : 1
    		32 | 
    		33 |   name         = format("%s-secondary-key", data.azurecaf_name.map.result)
    		34 |   value        = azurerm_maps_account.map.secondary_access_key
    		35 |   key_vault_id = var.remote_objects.keyvaults[try(var.settings.keyvault.lz_key, var.client_config.landingzone_key)][var.settings.keyvault.key].id
    		36 | }
    
    Check: CKV_AZURE_205: "Ensure Azure Service Bus is using the latest version of TLS encryption"
    	FAILED for resource: module.example.module.servicebus_namespaces.azurerm_servicebus_namespace.namespace
    	File: /modules/messaging/servicebus/namespace/namespace.tf:13-21
    	Calling File: /messaging_servicebus_namespaces.tf:1-18
    
    		13 | resource "azurerm_servicebus_namespace" "namespace" {
    		14 |   name                = azurecaf_name.namespace.result
    		15 |   sku                 = var.settings.sku
    		16 |   capacity            = try(var.settings.capacity, null)
    		17 |   zone_redundant      = try(var.settings.zone_redundant, null)
    		18 |   tags                = merge(local.base_tags, try(var.settings.tags, {}))
    		19 |   location            = local.location
    		20 |   resource_group_name = local.resource_group_name
    		21 | }
    
    Check: CKV_AZURE_201: "Ensure that Azure Service Bus uses a customer-managed key to encrypt data"
    	FAILED for resource: module.example.module.servicebus_namespaces.azurerm_servicebus_namespace.namespace
    	File: /modules/messaging/servicebus/namespace/namespace.tf:13-21
    	Calling File: /messaging_servicebus_namespaces.tf:1-18
    
    		13 | resource "azurerm_servicebus_namespace" "namespace" {
    		14 |   name                = azurecaf_name.namespace.result
    		15 |   sku                 = var.settings.sku
    		16 |   capacity            = try(var.settings.capacity, null)
    		17 |   zone_redundant      = try(var.settings.zone_redundant, null)
    		18 |   tags                = merge(local.base_tags, try(var.settings.tags, {}))
    		19 |   location            = local.location
    		20 |   resource_group_name = local.resource_group_name
    		21 | }
    
    Check: CKV_AZURE_202: "Ensure that Managed identity provider is enabled for Azure Service Bus"
    	FAILED for resource: module.example.module.servicebus_namespaces.azurerm_servicebus_namespace.namespace
    	File: /modules/messaging/servicebus/namespace/namespace.tf:13-21
    	Calling File: /messaging_servicebus_namespaces.tf:1-18
    
    		13 | resource "azurerm_servicebus_namespace" "namespace" {
    		14 |   name                = azurecaf_name.namespace.result
    		15 |   sku                 = var.settings.sku
    		16 |   capacity            = try(var.settings.capacity, null)
    		17 |   zone_redundant      = try(var.settings.zone_redundant, null)
    		18 |   tags                = merge(local.base_tags, try(var.settings.tags, {}))
    		19 |   location            = local.location
    		20 |   resource_group_name = local.resource_group_name
    		21 | }
    
    Check: CKV_AZURE_199: "Ensure that Azure Service Bus uses double encryption"
    	FAILED for resource: module.example.module.servicebus_namespaces.azurerm_servicebus_namespace.namespace
    	File: /modules/messaging/servicebus/namespace/namespace.tf:13-21
    	Calling File: /messaging_servicebus_namespaces.tf:1-18
    
    		13 | resource "azurerm_servicebus_namespace" "namespace" {
    		14 |   name                = azurecaf_name.namespace.result
    		15 |   sku                 = var.settings.sku
    		16 |   capacity            = try(var.settings.capacity, null)
    		17 |   zone_redundant      = try(var.settings.zone_redundant, null)
    		18 |   tags                = merge(local.base_tags, try(var.settings.tags, {}))
    		19 |   location            = local.location
    		20 |   resource_group_name = local.resource_group_name
    		21 | }
    
    Check: CKV_AZURE_204: "Ensure 'public network access enabled' is set to 'False' for Azure Service Bus"
    	FAILED for resource: module.example.module.servicebus_namespaces.azurerm_servicebus_namespace.namespace
    	File: /modules/messaging/servicebus/namespace/namespace.tf:13-21
    	Calling File: /messaging_servicebus_namespaces.tf:1-18
    
    		13 | resource "azurerm_servicebus_namespace" "namespace" {
    		14 |   name                = azurecaf_name.namespace.result
    		15 |   sku                 = var.settings.sku
    		16 |   capacity            = try(var.settings.capacity, null)
    		17 |   zone_redundant      = try(var.settings.zone_redundant, null)
    		18 |   tags                = merge(local.base_tags, try(var.settings.tags, {}))
    		19 |   location            = local.location
    		20 |   resource_group_name = local.resource_group_name
    		21 | }
    
    Check: CKV_AZURE_203: "Ensure Azure Service Bus Local Authentication is disabled"
    	FAILED for resource: module.example.module.servicebus_namespaces.azurerm_servicebus_namespace.namespace
    	File: /modules/messaging/servicebus/namespace/namespace.tf:13-21
    	Calling File: /messaging_servicebus_namespaces.tf:1-18
    
    		13 | resource "azurerm_servicebus_namespace" "namespace" {
    		14 |   name                = azurecaf_name.namespace.result
    		15 |   sku                 = var.settings.sku
    		16 |   capacity            = try(var.settings.capacity, null)
    		17 |   zone_redundant      = try(var.settings.zone_redundant, null)
    		18 |   tags                = merge(local.base_tags, try(var.settings.tags, {}))
    		19 |   location            = local.location
    		20 |   resource_group_name = local.resource_group_name
    		21 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.primary_access_key
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:2-7
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		2 | resource "azurerm_key_vault_secret" "primary_access_key" {
    		3 |   for_each     = try(var.settings.keyvaults, {})
    		4 |   name         = format("%s-primary-access-key", each.value.secret_prefix)
    		5 |   value        = azurerm_web_pubsub.wps.primary_access_key
    		6 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		7 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.primary_access_key
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:2-7
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		2 | resource "azurerm_key_vault_secret" "primary_access_key" {
    		3 |   for_each     = try(var.settings.keyvaults, {})
    		4 |   name         = format("%s-primary-access-key", each.value.secret_prefix)
    		5 |   value        = azurerm_web_pubsub.wps.primary_access_key
    		6 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		7 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.primary_connection_string
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:9-14
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		9  | resource "azurerm_key_vault_secret" "primary_connection_string" {
    		10 |   for_each     = try(var.settings.keyvaults, {})
    		11 |   name         = format("%s-primary-connection-string", each.value.secret_prefix)
    		12 |   value        = azurerm_web_pubsub.wps.primary_connection_string
    		13 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		14 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.primary_connection_string
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:9-14
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		9  | resource "azurerm_key_vault_secret" "primary_connection_string" {
    		10 |   for_each     = try(var.settings.keyvaults, {})
    		11 |   name         = format("%s-primary-connection-string", each.value.secret_prefix)
    		12 |   value        = azurerm_web_pubsub.wps.primary_connection_string
    		13 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		14 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.secondary_access_key
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:16-21
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		16 | resource "azurerm_key_vault_secret" "secondary_access_key" {
    		17 |   for_each     = try(var.settings.keyvaults, {})
    		18 |   name         = format("%s-secondary-access-key", each.value.secret_prefix)
    		19 |   value        = azurerm_web_pubsub.wps.secondary_access_key
    		20 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		21 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.secondary_access_key
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:16-21
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		16 | resource "azurerm_key_vault_secret" "secondary_access_key" {
    		17 |   for_each     = try(var.settings.keyvaults, {})
    		18 |   name         = format("%s-secondary-access-key", each.value.secret_prefix)
    		19 |   value        = azurerm_web_pubsub.wps.secondary_access_key
    		20 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		21 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.secondary_connection_string
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:23-28
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		23 | resource "azurerm_key_vault_secret" "secondary_connection_string" {
    		24 |   for_each     = try(var.settings.keyvaults, {})
    		25 |   name         = format("%s-secondary-connection-string", each.value.secret_prefix)
    		26 |   value        = azurerm_web_pubsub.wps.secondary_connection_string
    		27 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		28 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.web_pubsubs.azurerm_key_vault_secret.secondary_connection_string
    	File: /modules/messaging/web_pubsub/keyvault_secrets.tf:23-28
    	Calling File: /web_pubsubs.tf:1-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		23 | resource "azurerm_key_vault_secret" "secondary_connection_string" {
    		24 |   for_each     = try(var.settings.keyvaults, {})
    		25 |   name         = format("%s-secondary-connection-string", each.value.secret_prefix)
    		26 |   value        = azurerm_web_pubsub.wps.secondary_connection_string
    		27 |   key_vault_id = try(each.value.lz_key, null) == null ? var.remote_objects.keyvaults[var.client_config.landingzone_key][each.key].id : var.remote_objects.keyvaults[each.value.lz_key][each.key].id
    		28 | }
    
    Check: CKV_AZURE_218: "Ensure Application Gateway defines secure protocols for in transit communication"
    	FAILED for resource: module.example.module.application_gateways.azurerm_application_gateway.agw
    	File: /modules/networking/application_gateway/application_gateway.tf:29-381
    	Calling File: /application_gateways.tf:1-32
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_218: "Ensure Application Gateway defines secure protocols for in transit communication"
    	FAILED for resource: module.example.module.application_gateway_platforms.azurerm_application_gateway.agw
    	File: /modules/networking/application_gateway_platform/application_gateway.tf:29-226
    	Calling File: /application_gateway_platforms.tf:1-25
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_135: "Ensure Application Gateway WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell"
    	FAILED for resource: module.example.module.application_gateway_waf_policies.azurerm_web_application_firewall_policy.wafpolicy
    	File: /modules/networking/application_gateway_waf_policies/waf_policy.tf:1-93
    	Calling File: /application_gateway_waf_policies.tf:1-11
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-application-gateway-waf-prevents-message-lookup-in-log4j2.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_133: "Ensure Front Door WAF prevents message lookup in Log4j2. See CVE-2021-44228 aka log4jshell"
    	FAILED for resource: module.example.module.front_door_waf_policies.azurerm_frontdoor_firewall_policy.wafpolicy
    	File: /modules/networking/front_door_waf_policy/waf_policy.tf:1-92
    	Calling File: /front_door_waf_policies.tf:1-9
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-front-door-waf-prevents-message-lookup-in-log4j2.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_183: "Ensure that VNET uses local DNS addresses"
    	FAILED for resource: module.example.module.networking.azurerm_virtual_network.vnet
    	File: /modules/networking/virtual_network/module.tf:13-41
    	Calling File: /networking.tf:29-62
    
    		13 | resource "azurerm_virtual_network" "vnet" {
    		14 |   name                = azurecaf_name.caf_name_vnet.result
    		15 |   location            = local.location
    		16 |   resource_group_name = local.resource_group_name
    		17 |   address_space       = var.settings.vnet.address_space
    		18 |   tags                = local.tags
    		19 | 
    		20 |   dns_servers = flatten(
    		21 |     concat(
    		22 |       try(lookup(var.settings.vnet, "dns_servers", [])),
    		23 |       try(local.dns_servers_process, [])
    		24 |     )
    		25 |   )
    		26 | 
    		27 |   bgp_community = try(var.settings.vnet.bgp_community, null)
    		28 | 
    		29 |   dynamic "ddos_protection_plan" {
    		30 |     for_each = var.ddos_id != "" || can(var.global_settings["ddos_protection_plan_id"]) ? [1] : []
    		31 | 
    		32 |     content {
    		33 |       id     = var.ddos_id != "" ? var.ddos_id : var.global_settings["ddos_protection_plan_id"]
    		34 |       enable = true
    		35 |     }
    		36 |   }
    		37 | 
    		38 |   lifecycle {
    		39 |     ignore_changes = [name]
    		40 |   }
    		41 | }
    
    Check: CKV_AZURE_12: "Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'"
    	FAILED for resource: module.example.module.network_security_groups.module.nsg_flows.azurerm_network_watcher_flow_log.flow[0]
    	File: /modules/networking/virtual_network/nsg/flow_logs/flow_logs.tf:1-36
    	Calling File: /modules/networking/network_security_group/nsg_flow_logs.tf:2-12
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-1.html
    
    		1  | resource "azurerm_network_watcher_flow_log" "flow" {
    		2  |   count = try(var.settings, {}) == {} ? 0 : 1
    		3  | 
    		4  | 
    		5  |   network_watcher_name = try(
    		6  |     var.network_watchers[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.network_watcher_key].name,
    		7  |     format("NetworkWatcher_%s", var.resource_location)
    		8  |   )
    		9  | 
    		10 |   resource_group_name = try(
    		11 |     var.network_watchers[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.network_watcher_key].resource_group_name,
    		12 |     "NetworkWatcherRG"
    		13 |   )
    		14 |   name                      = var.settings.name
    		15 |   version                   = try(var.settings.version, 2)
    		16 |   network_security_group_id = var.resource_id
    		17 |   storage_account_id = try(var.diagnostics.diagnostics_destinations.storage[var.settings.storage_account.storage_account_destination][var.resource_location].storage_account_resource_id,
    		18 |   var.diagnostics.storage_accounts[var.diagnostics.diagnostics_destinations.storage[var.settings.storage_account.storage_account_destination][var.resource_location].storage_account_key].id)
    		19 |   enabled = try(var.settings.enabled, false)
    		20 | 
    		21 |   retention_policy {
    		22 |     enabled = try(var.settings.storage_account.retention.enabled, true)
    		23 |     days    = try(var.settings.storage_account.retention.days, 10)
    		24 |   }
    		25 | 
    		26 |   dynamic "traffic_analytics" {
    		27 |     for_each = try(var.settings.traffic_analytics, {}) != {} ? [1] : []
    		28 |     content {
    		29 |       enabled               = var.settings.traffic_analytics.enabled
    		30 |       interval_in_minutes   = try(var.settings.traffic_analytics.interval_in_minutes, null)
    		31 |       workspace_id          = can(var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_workspace_id) ? var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_workspace_id : var.diagnostics.log_analytics[var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_key].workspace_id
    		32 |       workspace_region      = var.resource_location
    		33 |       workspace_resource_id = can(var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_resource_id) ? var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_resource_id : var.diagnostics.log_analytics[var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_key].id
    		34 |     }
    		35 |   }
    		36 | }
    
    Check: CKV_AZURE_12: "Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'"
    	FAILED for resource: module.example.module.networking.module.nsg.module.nsg_flows.azurerm_network_watcher_flow_log.flow[0]
    	File: /modules/networking/virtual_network/nsg/flow_logs/flow_logs.tf:1-36
    	Calling File: /modules/networking/virtual_network/nsg/nsg_flow_logs.tf:2-15
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-1.html
    
    		1  | resource "azurerm_network_watcher_flow_log" "flow" {
    		2  |   count = try(var.settings, {}) == {} ? 0 : 1
    		3  | 
    		4  | 
    		5  |   network_watcher_name = try(
    		6  |     var.network_watchers[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.network_watcher_key].name,
    		7  |     format("NetworkWatcher_%s", var.resource_location)
    		8  |   )
    		9  | 
    		10 |   resource_group_name = try(
    		11 |     var.network_watchers[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.network_watcher_key].resource_group_name,
    		12 |     "NetworkWatcherRG"
    		13 |   )
    		14 |   name                      = var.settings.name
    		15 |   version                   = try(var.settings.version, 2)
    		16 |   network_security_group_id = var.resource_id
    		17 |   storage_account_id = try(var.diagnostics.diagnostics_destinations.storage[var.settings.storage_account.storage_account_destination][var.resource_location].storage_account_resource_id,
    		18 |   var.diagnostics.storage_accounts[var.diagnostics.diagnostics_destinations.storage[var.settings.storage_account.storage_account_destination][var.resource_location].storage_account_key].id)
    		19 |   enabled = try(var.settings.enabled, false)
    		20 | 
    		21 |   retention_policy {
    		22 |     enabled = try(var.settings.storage_account.retention.enabled, true)
    		23 |     days    = try(var.settings.storage_account.retention.days, 10)
    		24 |   }
    		25 | 
    		26 |   dynamic "traffic_analytics" {
    		27 |     for_each = try(var.settings.traffic_analytics, {}) != {} ? [1] : []
    		28 |     content {
    		29 |       enabled               = var.settings.traffic_analytics.enabled
    		30 |       interval_in_minutes   = try(var.settings.traffic_analytics.interval_in_minutes, null)
    		31 |       workspace_id          = can(var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_workspace_id) ? var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_workspace_id : var.diagnostics.log_analytics[var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_key].workspace_id
    		32 |       workspace_region      = var.resource_location
    		33 |       workspace_resource_id = can(var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_resource_id) ? var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_resource_id : var.diagnostics.log_analytics[var.diagnostics.diagnostics_destinations.log_analytics[var.settings.traffic_analytics.log_analytics_workspace_destination].log_analytics_key].id
    		34 |     }
    		35 |   }
    		36 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:1-12
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:1-12
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:1-12
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:1-12
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret_value.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:14-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret_value.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:14-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret_value.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:14-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret_value.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret/keyvault_secret.tf:1-11
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:14-24
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   name         = var.name
    		3  |   value        = var.value
    		4  |   key_vault_id = var.keyvault_id
    		5  | 
    		6  |   lifecycle {
    		7  |     ignore_changes = [
    		8  |       key_vault_id
    		9  |     ]
    		10 |   }
    		11 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret_dynamic.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_dynamic/keyvault_secret.tf:7-17
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:39-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		7  | resource "azurerm_key_vault_secret" "secret" {
    		8  |   name         = var.name
    		9  |   value        = random_password.value.result
    		10 |   key_vault_id = var.keyvault_id
    		11 | 
    		12 |   lifecycle {
    		13 |     ignore_changes = [
    		14 |       key_vault_id
    		15 |     ]
    		16 |   }
    		17 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret_dynamic.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_dynamic/keyvault_secret.tf:7-17
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:39-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		7  | resource "azurerm_key_vault_secret" "secret" {
    		8  |   name         = var.name
    		9  |   value        = random_password.value.result
    		10 |   key_vault_id = var.keyvault_id
    		11 | 
    		12 |   lifecycle {
    		13 |     ignore_changes = [
    		14 |       key_vault_id
    		15 |     ]
    		16 |   }
    		17 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret_dynamic.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_dynamic/keyvault_secret.tf:7-17
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:39-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		7  | resource "azurerm_key_vault_secret" "secret" {
    		8  |   name         = var.name
    		9  |   value        = random_password.value.result
    		10 |   key_vault_id = var.keyvault_id
    		11 | 
    		12 |   lifecycle {
    		13 |     ignore_changes = [
    		14 |       key_vault_id
    		15 |     ]
    		16 |   }
    		17 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret_dynamic.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_dynamic/keyvault_secret.tf:7-17
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:39-50
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		7  | resource "azurerm_key_vault_secret" "secret" {
    		8  |   name         = var.name
    		9  |   value        = random_password.value.result
    		10 |   key_vault_id = var.keyvault_id
    		11 | 
    		12 |   lifecycle {
    		13 |     ignore_changes = [
    		14 |       key_vault_id
    		15 |     ]
    		16 |   }
    		17 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret_immutable.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_immutable/keyvault_secret.tf:1-12
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   count        = var.value == "" ? 1 : 0
    		3  |   name         = var.name
    		4  |   value        = var.value
    		5  |   key_vault_id = var.keyvault_id
    		6  | 
    		7  |   lifecycle {
    		8  |     ignore_changes = [
    		9  |       value, key_vault_id
    		10 |     ]
    		11 |   }
    		12 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.example.module.dynamic_keyvault_secrets.module.secret_immutable.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_immutable/keyvault_secret.tf:1-12
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   count        = var.value == "" ? 1 : 0
    		3  |   name         = var.name
    		4  |   value        = var.value
    		5  |   key_vault_id = var.keyvault_id
    		6  | 
    		7  |   lifecycle {
    		8  |     ignore_changes = [
    		9  |       value, key_vault_id
    		10 |     ]
    		11 |   }
    		12 | }
    
    Check: CKV_AZURE_41: "Ensure that the expiration date is set on all secrets"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret_immutable.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_immutable/keyvault_secret.tf:1-12
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-secrets-policies/set-an-expiration-date-on-all-secrets.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   count        = var.value == "" ? 1 : 0
    		3  |   name         = var.name
    		4  |   value        = var.value
    		5  |   key_vault_id = var.keyvault_id
    		6  | 
    		7  |   lifecycle {
    		8  |     ignore_changes = [
    		9  |       value, key_vault_id
    		10 |     ]
    		11 |   }
    		12 | }
    
    Check: CKV_AZURE_114: "Ensure that key vault secrets have "content_type" set"
    	FAILED for resource: module.dynamic_keyvault_secrets.module.secret_immutable.azurerm_key_vault_secret.secret
    	File: /modules/security/dynamic_keyvault_secrets/secret_immutable/keyvault_secret.tf:1-12
    	Calling File: /modules/security/dynamic_keyvault_secrets/keyvault.tf:26-37
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-secrets-have-content-type-set.html
    
    		1  | resource "azurerm_key_vault_secret" "secret" {
    		2  |   count        = var.value == "" ? 1 : 0
    		3  |   name         = var.name
    		4  |   value        = var.value
    		5  |   key_vault_id = var.keyvault_id
    		6  | 
    		7  |   lifecycle {
    		8  |     ignore_changes = [
    		9  |       value, key_vault_id
    		10 |     ]
    		11 |   }
    		12 | }
    
    Check: CKV_AZURE_112: "Ensure that key vault key is backed by HSM"
    	FAILED for resource: module.example.module.keyvault_keys.azurerm_key_vault_key.key
    	File: /modules/security/keyvault_key/key.tf:1-25
    	Calling File: /keyvault_keys.tf:1-12
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-key-vault-key-is-backed-by-hsm.html
    
    		1  | resource "azurerm_key_vault_key" "key" {
    		2  |   name         = var.settings.name
    		3  |   key_vault_id = var.keyvaults[try(var.settings.lz_key, var.client_config.landingzone_key)][var.settings.keyvault_key].id
    		4  |   key_type     = var.settings.key_type
    		5  |   key_opts     = var.settings.key_opts
    		6  | 
    		7  |   key_size        = try(var.settings.key_size, null)
    		8  |   curve           = try(var.settings.curve, null)
    		9  |   not_before_date = try(var.settings.not_before_date, null)
    		10 |   expiration_date = try(var.settings.expiration_date, null)
    		11 |   tags            = local.tags
    		12 |   dynamic "rotation_policy" {
    		13 |     for_each = can(var.settings.rotation_policy) ? [1] : []
    		14 |     content {
    		15 |       expire_after         = try(var.settings.rotation_policy.expire_after, null)
    		16 |       notify_before_expiry = try(var.settings.rotation_policy.notify_before_expiry, null)
    		17 |       dynamic "automatic" {
    		18 |         for_each = can(var.settings.rotation_policy.automatic) ? [1] : []
    		19 |         content {
    		20 |           time_before_expiry = try(var.settings.rotation_policy.automatic.time_before_expiry, null)
    		21 |         }
    		22 |       }
    		23 |     }
    		24 |   }
    		25 | }
    
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.example.module.diagnostic_storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Calling File: /diagnostics.tf:25-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_35: "Ensure default network access rule for Storage Accounts is set to deny"
    	FAILED for resource: module.example.module.diagnostic_storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Calling File: /diagnostics.tf:25-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/set-default-network-access-rule-for-storage-accounts-to-deny.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_36: "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access"
    	FAILED for resource: module.example.module.diagnostic_storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Calling File: /diagnostics.tf:25-38
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/enable-trusted-microsoft-services-for-storage-account-access.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_44: "Ensure Storage Account is using the latest version of TLS encryption"
    	FAILED for resource: module.example.module.storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Calling File: /storage_accounts.tf:2-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-storage-policies/bc-azr-storage-2.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_35: "Ensure default network access rule for Storage Accounts is set to deny"
    	FAILED for resource: module.example.module.storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Calling File: /storage_accounts.tf:2-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/set-default-network-access-rule-for-storage-accounts-to-deny.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_36: "Ensure 'Trusted Microsoft Services' is enabled for Storage Account access"
    	FAILED for resource: module.example.module.storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Calling File: /storage_accounts.tf:2-27
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/enable-trusted-microsoft-services-for-storage-account-access.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_80: "Ensure that 'Net Framework' version is the latest, if used as a part of the web app"
    	FAILED for resource: module.example.module.app_services.azurerm_app_service.app_service
    	File: /modules/webapps/appservice/module.tf:15-278
    	Calling File: /app_services.tf:4-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-net-framework-version-is-the-latest-if-used-as-a-part-of-the-web-app.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_88: "Ensure that app services use Azure Files"
    	FAILED for resource: module.example.module.app_services.azurerm_app_service.app_service
    	File: /modules/webapps/appservice/module.tf:15-278
    	Calling File: /app_services.tf:4-35
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-app-services-use-azure-files.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_11: "Ensure that Azure Data Explorer encryption at rest uses a customer-managed key"
    	FAILED for resource: module.example.module.kusto_clusters.azurerm_kusto_cluster.kusto
    	File: /modules/databases/data_explorer/kusto_clusters/module.tf:14-60
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-explorer-encryption-at-rest-uses-a-customer-managed-key.html
    
    		14 | resource "azurerm_kusto_cluster" "kusto" {
    		15 |   name                = azurecaf_name.kusto.result
    		16 |   location            = var.location
    		17 |   resource_group_name = var.resource_group_name
    		18 |   dynamic "sku" {
    		19 |     for_each = try(var.settings.sku, null) != null ? [var.settings.sku] : []
    		20 | 
    		21 |     content {
    		22 |       name     = sku.value.name
    		23 |       capacity = lookup(sku.value, "capacity", null)
    		24 |     }
    		25 |   }
    		26 |   double_encryption_enabled = try(var.settings.double_encryption_enabled, null)
    		27 |   dynamic "identity" {
    		28 |     for_each = try(var.settings.identity, false) == false ? [] : [1]
    		29 | 
    		30 |     content {
    		31 |       type         = var.settings.identity.type
    		32 |       identity_ids = local.managed_identities
    		33 |     }
    		34 |   }
    		35 |   disk_encryption_enabled     = try(var.settings.enable_disk_encryption, var.settings.disk_encryption_enabled, null)
    		36 |   streaming_ingestion_enabled = try(var.settings.enable_streaming_ingest, var.settings.streaming_ingestion_enabled, null)
    		37 |   purge_enabled               = try(var.settings.enable_purge, var.settings.purge_enabled, null)
    		38 |   dynamic "virtual_network_configuration" {
    		39 |     for_each = try(var.settings.virtual_network_configuration, null) != null ? [var.settings.virtual_network_configuration] : []
    		40 |     content {
    		41 |       subnet_id                    = can(virtual_network_configuration.value.subnet_id) || can(virtual_network_configuration.value.subnet_key) == false ? try(virtual_network_configuration.value.subnet_id, null) : try(virtual_network_configuration.value.vnet_key, null) == null ? null : var.combined_resources.vnets[try(virtual_network_configuration.value.lz_key, var.client_config.landingzone_key)][virtual_network_configuration.value.vnet_key].subnets[virtual_network_configuration.value.subnet_key].id
    		42 |       engine_public_ip_id          = try(virtual_network_configuration.value.engine_public_ip.key, null) == null ? null : try(var.combined_resources.pips[try(virtual_network_configuration.value.engine_public_ip.lz_key, var.client_config.landingzone_key)][virtual_network_configuration.value.engine_public_ip.key].id, null)
    		43 |       data_management_public_ip_id = try(virtual_network_configuration.value.data_management_public_ip.key, null) == null ? null : try(var.combined_resources.pips[try(virtual_network_configuration.value.data_management_public_ip.lz_key, var.client_config.landingzone_key)][virtual_network_configuration.value.data_management_public_ip.key].id, null)
    		44 |     }
    		45 |   }
    		46 |   language_extensions = try(var.settings.language_extensions, null)
    		47 |   dynamic "optimized_auto_scale" {
    		48 |     for_each = try(var.settings.optimized_auto_scale, null) != null ? [var.settings.optimized_auto_scale] : []
    		49 | 
    		50 |     content {
    		51 |       minimum_instances = optimized_auto_scale.value.minimum_instances
    		52 |       maximum_instances = optimized_auto_scale.value.maximum_instances
    		53 |     }
    		54 |   }
    		55 |   trusted_external_tenants = try(var.settings.trusted_external_tenants, null)
    		56 |   zones                    = try(var.settings.zones, null)
    		57 |   engine                   = try(var.settings.engine, null)
    		58 |   auto_stop_enabled        = try(var.settings.auto_stop_enabled, null)
    		59 |   tags                     = local.tags
    		60 | }
    Check: CKV2_AZURE_3: "Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_mssql_server_vulnerability_assessment.mssql[0]
    	File: /modules/databases/mssql_server/vulnerability_assessment.tf:12-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-va-setting-periodic-recurring-scans-is-enabled-on-a-sql-server.html
    
    		12 | resource "azurerm_mssql_server_vulnerability_assessment" "mssql" {
    		13 |   count = try(var.settings.security_alert_policy.vulnerability_assessment, null) == null ? 0 : 1
    		14 | 
    		15 |   server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.mssql.0.id
    		16 |   storage_container_path          = format("%s%s/", data.azurerm_storage_account.mssql_va.0.primary_blob_endpoint, try(var.settings.security_alert_policy.vulnerability_assessment.storage_account.container_path, "vascans"))
    		17 |   storage_account_access_key      = data.azurerm_storage_account.mssql_va.0.primary_access_key
    		18 |   recurring_scans {
    		19 |     enabled                   = try(var.settings.security_alert_policy.vulnerability_assessment.enabled, true)
    		20 |     email_subscription_admins = try(var.settings.security_alert_policy.vulnerability_assessment.email_subscription_admins, false)
    		21 |     emails                    = try(var.settings.security_alert_policy.vulnerability_assessment.email_addresses, null)
    		22 |   }
    		23 | }
    
    Check: CKV2_AZURE_21: "Ensure Storage logging is enabled for Blob service for read requests"
    	FAILED for resource: module.example.module.diagnostic_storage_accounts.module.container.azurerm_storage_container.stg
    	File: /modules/storage_account/container/container.tf:4-9
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/ensure-storage-logging-is-enabled-for-blob-service-for-read-requests.html
    
    		4 | resource "azurerm_storage_container" "stg" {
    		5 |   name                  = var.settings.name
    		6 |   storage_account_name  = var.storage_account_name
    		7 |   container_access_type = try(var.settings.container_access_type, "private")
    		8 |   metadata              = try(var.settings.metadata, null)
    		9 | }
    Check: CKV2_AZURE_21: "Ensure Storage logging is enabled for Blob service for read requests"
    	FAILED for resource: module.example.module.storage_accounts.module.container.azurerm_storage_container.stg
    	File: /modules/storage_account/container/container.tf:4-9
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/ensure-storage-logging-is-enabled-for-blob-service-for-read-requests.html
    
    		4 | resource "azurerm_storage_container" "stg" {
    		5 |   name                  = var.settings.name
    		6 |   storage_account_name  = var.storage_account_name
    		7 |   container_access_type = try(var.settings.container_access_type, "private")
    		8 |   metadata              = try(var.settings.metadata, null)
    		9 | }
    Check: CKV2_AZURE_21: "Ensure Storage logging is enabled for Blob service for read requests"
    	FAILED for resource: module.example.module.storage_containers.azurerm_storage_container.stg
    	File: /modules/storage_account/container/container.tf:4-9
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/ensure-storage-logging-is-enabled-for-blob-service-for-read-requests.html
    
    		4 | resource "azurerm_storage_container" "stg" {
    		5 |   name                  = var.settings.name
    		6 |   storage_account_name  = var.storage_account_name
    		7 |   container_access_type = try(var.settings.container_access_type, "private")
    		8 |   metadata              = try(var.settings.metadata, null)
    		9 | }
    Check: CKV2_AZURE_19: "Ensure that Azure Synapse workspaces have no IP firewall rules attached"
    	FAILED for resource: module.example.module.synapse_workspaces.azurerm_synapse_workspace.ws
    	File: /modules/analytics/synapse/workspace.tf:14-76
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-networking-policies/ensure-that-azure-synapse-workspaces-have-no-ip-firewall-rules-attached.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_22: "Ensure that Cognitive Services enables customer-managed key for encryption"
    	FAILED for resource: module.example.module.cognitive_services_account.azurerm_cognitive_account.service
    	File: /modules/cognitive_services/cognitive_services_account/cognitive_service_account.tf:11-49
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-azure-cognitive-services-enables-customer-managed-keys-cmks-for-encryption.html
    
    		11 | resource "azurerm_cognitive_account" "service" {
    		12 |   name                = azurecaf_name.service.result
    		13 |   location            = var.location
    		14 |   resource_group_name = var.resource_group_name
    		15 |   kind                = var.settings.kind
    		16 |   sku_name            = var.settings.sku_name
    		17 | 
    		18 |   qna_runtime_endpoint = var.settings.kind == "QnAMaker" ? var.settings.qna_runtime_endpoint : try(var.settings.qna_runtime_endpoint, null)
    		19 | 
    		20 |   dynamic "network_acls" {
    		21 |     for_each = can(var.settings.network_acls) ? [var.settings.network_acls] : []
    		22 |     content {
    		23 |       default_action = network_acls.value.default_action
    		24 |       ip_rules       = try(network_acls.value.ip_rules, null)
    		25 | 
    		26 |       # to support migration from 2.99.0 to 3.7.0
    		27 |       dynamic "virtual_network_rules" {
    		28 |         for_each = can(network_acls.value.virtual_network_subnet_ids) ? toset(network_acls.value.virtual_network_subnet_ids) : []
    		29 | 
    		30 |         content {
    		31 |           subnet_id = virtual_network_rules.value
    		32 |         }
    		33 |       }
    		34 | 
    		35 |       dynamic "virtual_network_rules" {
    		36 |         for_each = try(network_acls.value.virtual_network_rules, {})
    		37 | 
    		38 |         content {
    		39 |           subnet_id                            = virtual_network_rules.value.subnet_id
    		40 |           ignore_missing_vnet_service_endpoint = try(virtual_network_rules.value.ignore_missing_vnet_service_endpoint, null)
    		41 |         }
    		42 |       }
    		43 |     }
    		44 |   }
    		45 | 
    		46 |   custom_subdomain_name = try(var.settings.custom_subdomain_name, null)
    		47 | 
    		48 |   tags = try(var.settings.tags, {})
    		49 | }
    Check: CKV2_AZURE_9: "Ensure Virtual Machines are utilizing Managed Disks"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_legacy.tf:29-214
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-virtual-machines-are-utilizing-managed-disks.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_5: "Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_mssql_server_vulnerability_assessment.mssql[0]
    	File: /modules/databases/mssql_server/vulnerability_assessment.tf:12-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-va-setting-also-send-email-notifications-to-admins-and-subscription-owners-is-set-for-an-sql-server.html
    
    		12 | resource "azurerm_mssql_server_vulnerability_assessment" "mssql" {
    		13 |   count = try(var.settings.security_alert_policy.vulnerability_assessment, null) == null ? 0 : 1
    		14 | 
    		15 |   server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.mssql.0.id
    		16 |   storage_container_path          = format("%s%s/", data.azurerm_storage_account.mssql_va.0.primary_blob_endpoint, try(var.settings.security_alert_policy.vulnerability_assessment.storage_account.container_path, "vascans"))
    		17 |   storage_account_access_key      = data.azurerm_storage_account.mssql_va.0.primary_access_key
    		18 |   recurring_scans {
    		19 |     enabled                   = try(var.settings.security_alert_policy.vulnerability_assessment.enabled, true)
    		20 |     email_subscription_admins = try(var.settings.security_alert_policy.vulnerability_assessment.email_subscription_admins, false)
    		21 |     emails                    = try(var.settings.security_alert_policy.vulnerability_assessment.email_addresses, null)
    		22 |   }
    		23 | }
    
    Check: CKV2_AZURE_15: "Ensure that Azure data factories are encrypted with a customer-managed key"
    	FAILED for resource: module.example.module.data_factory.azurerm_data_factory.df
    	File: /modules/data_factory/data_factory/module.tf:11-60
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-azure-data-factories-are-encrypted-with-a-customer-managed-key.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV_AZURE_24: "Ensure that 'Auditing' Retention is 'greater than 90 days' for SQL servers"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_mssql_server.mssql
    	File: /modules/databases/mssql_server/server.tf:1-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-3.html
    
    		1  | resource "azurerm_mssql_server" "mssql" {
    		2  |   name                          = azurecaf_name.mssql.result
    		3  |   resource_group_name           = local.resource_group_name
    		4  |   location                      = local.location
    		5  |   version                       = try(var.settings.version, "12.0")
    		6  |   administrator_login           = try(var.settings.azuread_administrator.azuread_authentication_only, false) == true ? null : var.settings.administrator_login
    		7  |   administrator_login_password  = try(var.settings.azuread_administrator.azuread_authentication_only, false) == true ? null : try(var.settings.administrator_login_password, azurerm_key_vault_secret.sql_admin_password.0.value)
    		8  |   public_network_access_enabled = try(var.settings.public_network_access_enabled, true)
    		9  |   connection_policy             = try(var.settings.connection_policy, null)
    		10 |   minimum_tls_version           = try(var.settings.minimum_tls_version, null)
    		11 |   tags                          = local.tags
    		12 | 
    		13 |   dynamic "azuread_administrator" {
    		14 |     for_each = can(var.settings.azuread_administrator) ? [var.settings.azuread_administrator] : []
    		15 | 
    		16 |     content {
    		17 |       azuread_authentication_only = try(var.settings.azuread_administrator.azuread_authentication_only, false)
    		18 |       login_username              = can(var.settings.azuread_administrator.login_username) ? var.settings.azuread_administrator.login_username : try(var.azuread_groups[var.client_config.landingzone_key][var.settings.azuread_administrator.azuread_group_key].display_name, var.azuread_groups[var.settings.azuread_administrator.lz_key][var.settings.azuread_administrator.azuread_group_key].display_name)
    		19 |       object_id                   = can(var.settings.azuread_administrator.object_id) ? var.settings.azuread_administrator.object_id : try(var.azuread_groups[var.client_config.landingzone_key][var.settings.azuread_administrator.azuread_group_key].id, var.azuread_groups[var.settings.azuread_administrator.lz_key][var.settings.azuread_administrator.azuread_group_key].id)
    		20 |       tenant_id                   = can(var.settings.azuread_administrator.tenant_id) ? var.settings.azuread_administrator.tenant_id : try(var.azuread_groups[var.client_config.landingzone_key][var.settings.azuread_administrator.azuread_group_key].tenant_id, var.azuread_groups[var.settings.azuread_administrator.lz_key][var.settings.azuread_administrator.azuread_group_key].tenant_id)
    		21 |     }
    		22 |   }
    		23 | 
    		24 |   dynamic "identity" {
    		25 |     for_each = can(var.settings.identity) ? [var.settings.identity] : []
    		26 | 
    		27 |     content {
    		28 |       type = identity.value.type
    		29 |     }
    		30 |   }
    		31 | 
    		32 | }
    
    Check: CKV2_AZURE_12: "Ensure that virtual machines are backed up using Azure Backup"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_legacy.tf:29-214
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-virtual-machines-are-backed-up-using-azure-backup.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_29: "Ensure AKS cluster has Azure CNI networking enabled"
    	FAILED for resource: module.example.module.aks_clusters.azurerm_kubernetes_cluster.aks
    	File: /modules/compute/aks/aks.tf:40-436
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.example.module.diagnostic_storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_38: "Ensure soft-delete is enabled on Azure storage account"
    	FAILED for resource: module.example.module.storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_16: "Ensure that MySQL server enables customer-managed key for encryption"
    	FAILED for resource: module.example.module.mysql_servers.azurerm_mysql_server.mysql
    	File: /modules/databases/mysql_server/server.tf:1-33
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-mysql-server-enables-customer-managed-key-for-encryption.html
    
    		1  | resource "azurerm_mysql_server" "mysql" {
    		2  | 
    		3  |   name                = azurecaf_name.mysql.result
    		4  |   resource_group_name = local.resource_group_name
    		5  |   location            = local.location
    		6  |   version             = var.settings.version
    		7  |   sku_name            = var.settings.sku_name
    		8  | 
    		9  |   administrator_login          = var.settings.administrator_login
    		10 |   administrator_login_password = try(var.settings.administrator_login_password, azurerm_key_vault_secret.mysql_admin_password.0.value)
    		11 | 
    		12 |   auto_grow_enabled                 = try(var.settings.auto_grow_enabled, true)
    		13 |   storage_mb                        = var.settings.storage_mb
    		14 |   backup_retention_days             = try(var.settings.backup_retention_days, null)
    		15 |   create_mode                       = try(var.settings.create_mode, "Default")
    		16 |   creation_source_server_id         = try(var.settings.creation_source_server_id, null)
    		17 |   geo_redundant_backup_enabled      = try(var.settings.geo_redundant_backup_enabled, null)
    		18 |   infrastructure_encryption_enabled = try(var.settings.infrastructure_encryption_enabled, false)
    		19 |   restore_point_in_time             = try(var.settings.restore_point_in_time, null)
    		20 |   public_network_access_enabled     = try(var.settings.public_network_access_enabled, true)
    		21 |   ssl_enforcement_enabled           = try(var.settings.ssl_enforcement_enabled, true)
    		22 |   ssl_minimal_tls_version_enforced  = try(var.settings.ssl_minimal_tls_version_enforced, "TLSEnforcementDisabled")
    		23 |   tags                              = local.tags
    		24 | 
    		25 |   dynamic "identity" {
    		26 |     for_each = lookup(var.settings, "identity", {}) == {} ? [] : [1]
    		27 | 
    		28 |     content {
    		29 |       type = var.settings.identity.type
    		30 |     }
    		31 |   }
    		32 | 
    		33 | }
    
    Check: CKV_AZURE_23: "Ensure that 'Auditing' is set to 'On' for SQL servers"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_mssql_server.mssql
    	File: /modules/databases/mssql_server/server.tf:1-32
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-logging-policies/bc-azr-logging-2.html
    
    		1  | resource "azurerm_mssql_server" "mssql" {
    		2  |   name                          = azurecaf_name.mssql.result
    		3  |   resource_group_name           = local.resource_group_name
    		4  |   location                      = local.location
    		5  |   version                       = try(var.settings.version, "12.0")
    		6  |   administrator_login           = try(var.settings.azuread_administrator.azuread_authentication_only, false) == true ? null : var.settings.administrator_login
    		7  |   administrator_login_password  = try(var.settings.azuread_administrator.azuread_authentication_only, false) == true ? null : try(var.settings.administrator_login_password, azurerm_key_vault_secret.sql_admin_password.0.value)
    		8  |   public_network_access_enabled = try(var.settings.public_network_access_enabled, true)
    		9  |   connection_policy             = try(var.settings.connection_policy, null)
    		10 |   minimum_tls_version           = try(var.settings.minimum_tls_version, null)
    		11 |   tags                          = local.tags
    		12 | 
    		13 |   dynamic "azuread_administrator" {
    		14 |     for_each = can(var.settings.azuread_administrator) ? [var.settings.azuread_administrator] : []
    		15 | 
    		16 |     content {
    		17 |       azuread_authentication_only = try(var.settings.azuread_administrator.azuread_authentication_only, false)
    		18 |       login_username              = can(var.settings.azuread_administrator.login_username) ? var.settings.azuread_administrator.login_username : try(var.azuread_groups[var.client_config.landingzone_key][var.settings.azuread_administrator.azuread_group_key].display_name, var.azuread_groups[var.settings.azuread_administrator.lz_key][var.settings.azuread_administrator.azuread_group_key].display_name)
    		19 |       object_id                   = can(var.settings.azuread_administrator.object_id) ? var.settings.azuread_administrator.object_id : try(var.azuread_groups[var.client_config.landingzone_key][var.settings.azuread_administrator.azuread_group_key].id, var.azuread_groups[var.settings.azuread_administrator.lz_key][var.settings.azuread_administrator.azuread_group_key].id)
    		20 |       tenant_id                   = can(var.settings.azuread_administrator.tenant_id) ? var.settings.azuread_administrator.tenant_id : try(var.azuread_groups[var.client_config.landingzone_key][var.settings.azuread_administrator.azuread_group_key].tenant_id, var.azuread_groups[var.settings.azuread_administrator.lz_key][var.settings.azuread_administrator.azuread_group_key].tenant_id)
    		21 |     }
    		22 |   }
    		23 | 
    		24 |   dynamic "identity" {
    		25 |     for_each = can(var.settings.identity) ? [var.settings.identity] : []
    		26 | 
    		27 |     content {
    		28 |       type = identity.value.type
    		29 |     }
    		30 |   }
    		31 | 
    		32 | }
    
    Check: CKV2_AZURE_4: "Ensure Azure SQL server ADS VA Send scan reports to is configured"
    	FAILED for resource: module.example.module.mssql_servers.azurerm_mssql_server_vulnerability_assessment.mssql[0]
    	File: /modules/databases/mssql_server/vulnerability_assessment.tf:12-23
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-va-setting-send-scan-reports-to-is-configured-for-a-sql-server.html
    
    		12 | resource "azurerm_mssql_server_vulnerability_assessment" "mssql" {
    		13 |   count = try(var.settings.security_alert_policy.vulnerability_assessment, null) == null ? 0 : 1
    		14 | 
    		15 |   server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.mssql.0.id
    		16 |   storage_container_path          = format("%s%s/", data.azurerm_storage_account.mssql_va.0.primary_blob_endpoint, try(var.settings.security_alert_policy.vulnerability_assessment.storage_account.container_path, "vascans"))
    		17 |   storage_account_access_key      = data.azurerm_storage_account.mssql_va.0.primary_access_key
    		18 |   recurring_scans {
    		19 |     enabled                   = try(var.settings.security_alert_policy.vulnerability_assessment.enabled, true)
    		20 |     email_subscription_admins = try(var.settings.security_alert_policy.vulnerability_assessment.email_subscription_admins, false)
    		21 |     emails                    = try(var.settings.security_alert_policy.vulnerability_assessment.email_addresses, null)
    		22 |   }
    		23 | }
    
    Check: CKV2_AZURE_10: "Ensure that Microsoft Antimalware is configured to automatically updates for Virtual Machines"
    	FAILED for resource: module.example.module.virtual_machines.azurerm_virtual_machine.vm
    	File: /modules/compute/virtual_machine/vm_legacy.tf:29-214
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-that-microsoft-antimalware-is-configured-to-automatically-updates-for-virtual-machines.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_31: "Ensure VNET subnet is configured with a Network Security Group (NSG)"
    	FAILED for resource: module.example.module.networking.module.special_subnets.azurerm_subnet.subnet
    	File: /modules/networking/virtual_network/subnet/subnet.tf:12-39
    
    		12 | resource "azurerm_subnet" "subnet" {
    		13 | 
    		14 |   name                                          = azurecaf_name.subnet.result
    		15 |   resource_group_name                           = var.resource_group_name
    		16 |   virtual_network_name                          = var.virtual_network_name
    		17 |   address_prefixes                              = var.address_prefixes
    		18 |   service_endpoints                             = var.service_endpoints
    		19 |   private_endpoint_network_policies_enabled     = try(var.private_endpoint_network_policies_enabled, null)
    		20 |   private_link_service_network_policies_enabled = try(var.private_link_service_network_policies_enabled, null)
    		21 | 
    		22 |   dynamic "delegation" {
    		23 |     for_each = try(var.settings.delegation, null) == null ? [] : [1]
    		24 | 
    		25 |     content {
    		26 |       name = var.settings.delegation.name
    		27 | 
    		28 |       service_delegation {
    		29 |         name    = var.settings.delegation.service_delegation
    		30 |         actions = lookup(var.settings.delegation, "actions", null)
    		31 |       }
    		32 |     }
    		33 |   }
    		34 | 
    		35 |   lifecycle {
    		36 |     ignore_changes = [name]
    		37 |   }
    		38 | 
    		39 | }
    Check: CKV2_AZURE_31: "Ensure VNET subnet is configured with a Network Security Group (NSG)"
    	FAILED for resource: module.example.module.networking.module.subnets.azurerm_subnet.subnet
    	File: /modules/networking/virtual_network/subnet/subnet.tf:12-39
    
    		12 | resource "azurerm_subnet" "subnet" {
    		13 | 
    		14 |   name                                          = azurecaf_name.subnet.result
    		15 |   resource_group_name                           = var.resource_group_name
    		16 |   virtual_network_name                          = var.virtual_network_name
    		17 |   address_prefixes                              = var.address_prefixes
    		18 |   service_endpoints                             = var.service_endpoints
    		19 |   private_endpoint_network_policies_enabled     = try(var.private_endpoint_network_policies_enabled, null)
    		20 |   private_link_service_network_policies_enabled = try(var.private_link_service_network_policies_enabled, null)
    		21 | 
    		22 |   dynamic "delegation" {
    		23 |     for_each = try(var.settings.delegation, null) == null ? [] : [1]
    		24 | 
    		25 |     content {
    		26 |       name = var.settings.delegation.name
    		27 | 
    		28 |       service_delegation {
    		29 |         name    = var.settings.delegation.service_delegation
    		30 |         actions = lookup(var.settings.delegation, "actions", null)
    		31 |       }
    		32 |     }
    		33 |   }
    		34 | 
    		35 |   lifecycle {
    		36 |     ignore_changes = [name]
    		37 |   }
    		38 | 
    		39 | }
    Check: CKV2_AZURE_31: "Ensure VNET subnet is configured with a Network Security Group (NSG)"
    	FAILED for resource: module.example.module.virtual_subnets.azurerm_subnet.subnet
    	File: /modules/networking/virtual_network/subnet/subnet.tf:12-39
    
    		12 | resource "azurerm_subnet" "subnet" {
    		13 | 
    		14 |   name                                          = azurecaf_name.subnet.result
    		15 |   resource_group_name                           = var.resource_group_name
    		16 |   virtual_network_name                          = var.virtual_network_name
    		17 |   address_prefixes                              = var.address_prefixes
    		18 |   service_endpoints                             = var.service_endpoints
    		19 |   private_endpoint_network_policies_enabled     = try(var.private_endpoint_network_policies_enabled, null)
    		20 |   private_link_service_network_policies_enabled = try(var.private_link_service_network_policies_enabled, null)
    		21 | 
    		22 |   dynamic "delegation" {
    		23 |     for_each = try(var.settings.delegation, null) == null ? [] : [1]
    		24 | 
    		25 |     content {
    		26 |       name = var.settings.delegation.name
    		27 | 
    		28 |       service_delegation {
    		29 |         name    = var.settings.delegation.service_delegation
    		30 |         actions = lookup(var.settings.delegation, "actions", null)
    		31 |       }
    		32 |     }
    		33 |   }
    		34 | 
    		35 |   lifecycle {
    		36 |     ignore_changes = [name]
    		37 |   }
    		38 | 
    		39 | }
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.example.module.diagnostic_storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    Check: CKV2_AZURE_1: "Ensure storage for critical data are encrypted with Customer Managed Key"
    	FAILED for resource: module.example.module.storage_accounts.azurerm_storage_account.stg
    	File: /modules/storage_account/storage_account.tf:20-256
    	Guide: https://docs.paloaltonetworks.com/content/techdocs/en_US/prisma/prisma-cloud/prisma-cloud-code-security-policy-reference/azure-policies/azure-general-policies/ensure-storage-for-critical-data-are-encrypted-with-customer-managed-key.html
    
    		Code lines for this resource are too many. Please use IDE of your choice to review the file.
    arm scan results:
    
    Passed checks: 0, Failed checks: 1, Skipped checks: 0
    
    Check: CKV_AZURE_216: "Ensure DenyIntelMode is set to Deny for Azure Firewalls"
    	FAILED for resource: Microsoft.Network/azureFirewalls.[parameters('name')]
    	File: /modules/networking/virtual_wan/virtual_hub/arm_template_vhub_firewall.json:36-50
    
    		36 |     {
    		37 |       "apiVersion": "2019-09-01",
    		38 |       "type": "Microsoft.Network/azureFirewalls",
    		39 |       "name": "[parameters('name')]",
    		40 |       "location": "[parameters('location')]",
    		41 |       "properties": {
    		42 |           "virtualHub": {
    		43 |               "id": "[parameters('vwan_id')]"
    		44 |           },
    		45 |           "sku": {
    		46 |               "Name": "AZFW_Hub",
    		47 |               "Tier": "Standard"
    		48 |           }
    		49 |        }
    		50 |     }
    
    github_actions scan results:
    
    Passed checks: 404, Failed checks: 12, Skipped checks: 0
    
    Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
    	FAILED for resource: on(landingzone)
    	File: /.github/workflows/landingzone-scenarios.yaml:11-36
    
    		11 |       destroy:
    		12 |         description: Destroy the deployments at the end.
    		13 |         default: true
    		14 |         type: bool
    		15 |       landingzone_ref:
    		16 |         description: Set the base terraform landingzone tag, branch or ref to use to deploy the code
    		17 |         default: sqlmi.native.bugbash2
    		18 |         type: string
    		19 |       restart_phase:
    		20 |         description: "Select the phase to restart the job from:"
    		21 |         required: true
    		22 |         type: choice
    		23 |         default: phase1
    		24 |         options:
    		25 |           - phase1
    		26 |           - phase2
    		27 |       scenario:
    		28 |         description: "Select the scenario you want to run:"
    		29 |         required: false
    		30 |         type: choice
    		31 |         default: "landingzone-scenarios-longrunners.json"
    		32 |         options:
    		33 |           - landingzone-scenarios-longrunners.json
    		34 | 
    		35 | env:
    		36 |   TF_CLI_ARGS: "-no-color"
    
    Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
    	FAILED for resource: on(standalone-tf100)
    	File: /.github/workflows/standalone-tf100.yaml:11-24
    
    		11 |       scenario:
    		12 |         description: "Select the scenario you want to run:"
    		13 |         required: false
    		14 |         type: choice
    		15 |         default: "standalone-scenarios.json"
    		16 |         options:
    		17 |           - standalone-scenarios-azuread.json
    		18 |           - standalone-scenarios.json
    		19 |           - standalone-compute.json
    		20 |           - standalone-networking.json
    		21 |           - standalone-scenarios-longrunners.json
    		22 | 
    		23 | env:
    		24 |   TF_CLI_ARGS: "-no-color"
    
    Check: CKV_GHA_7: "The build output cannot be affected by user parameters other than the build entry point and the top-level source location. GitHub Actions workflow_dispatch inputs MUST be empty. "
    	FAILED for resource: on(standalone-regressor-tf100)
    	File: /.github/workflows/standalone-regressor-tf100.yaml:11-28
    
    		11 |       base_version:
    		12 |         description: 'Select the base version to use as baseline (refer to tags)'
    		13 |         required: true
    		14 |         type: string
    		15 |       scenario:
    		16 |         description: 'Select the scenario you want to run:'
    		17 |         required: false
    		18 |         type: choice
    		19 |         default: 'standalone-scenarios.json'
    		20 |         options:
    		21 |         - standalone-scenarios-azuread.json
    		22 |         - standalone-scenarios.json
    		23 |         - standalone-compute.json
    		24 |         - standalone-networking.json
    		25 |         - standalone-scenarios-longrunners.json
    		26 | 
    		27 | env:
    		28 |   TF_CLI_ARGS: '-no-color'
    
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(landingzone)
    	File: /.github/workflows/landingzone-scenarios.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(standalone-tf100)
    	File: /.github/workflows/standalone-tf100.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(rover)
    	File: /.github/workflows/rover.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(standalone-compute)
    	File: /.github/workflows/standalone-compute.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(standalone-regressor-tf100)
    	File: /.github/workflows/standalone-regressor-tf100.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(Release Drafter)
    	File: /.github/workflows/release-drafter.yml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(phases_dispatcher)
    	File: /.github/workflows/phases.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(phases_dispatcher_destroy)
    	File: /.github/workflows/phases_destroy.yaml:0-1
    Check: CKV2_GHA_1: "Ensure top-level permissions are not set to write-all"
    	FAILED for resource: on(standalone-networking)
    	File: /.github/workflows/standalone-networking.yaml:0-1
    ansible scan results:
    
    Passed checks: 4, Failed checks: 0, Skipped checks: 0
    
    
    
                    
                  

    Linting

    This repository failed the Experience Builder Terraform Module's Linting validation. This means that a linting tool was not found to be implemented in any of the CICD tool configuration files in the repository.

    There is an opportunity to: